Technical Description

A vulnerability has been identified in Sun JDK, JRE and SDK, which could be exploited by attackers to bypass security restrictions. This issue is caused by an unspecified error in the Applet Class Loader when processing applets, which could allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the vulnerale host, as if it were loaded from the system that the applet is running on, which may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.

Affected Products

Sun JDK version 6 Update 1 and prior
Sun JRE version 6 Update 1 and prior
Sun JDK version 5.0 Update 11 and prior
Sun JRE version 5.0 Update 11 and prior
Sun SDK version 1.4.2_14 and prior
Sun JRE version 1.4.2_14 and prior

Solution

Upgrade to JDK and JRE 6 Update 2 or later, JDK and JRE 5.0 Update 12 or later, or SDK and JRE 1.4.2_15 or later :
http://java.sun.com/javase/downloads/index.jsp

References

http://www.vupen.com/english/advisories/2007/2573
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1

Credits

Vulnerability reported by John Heasman (NGSSoftware).

ChangeLog

2007-07-19 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.