Sun Java Runtime Environment Java Update Fails to Validate Digital Signatures
|
|
SecurityTracker Alert ID: 1021315
|
|
SecurityTracker URL: http://securitytracker.com/id?1021315
|
|
CVE Reference: CVE-2008-5355
(Links to External Site)
|
Updated: Dec 5 2008
|
Original Entry Date: Dec 5 2008
|
Impact: Modification of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): JDK and JRE 6 Update 10 and prior; JDK and JRE 5.0 Update 16 and prior; SDK and JRE 1.4.2_18 and prior
|
Description: A vulnerability was reported in the Sun Java Update feature. A remote user with control of the network may be able to cause arbitrary code to be downloaded to the target user's system.
The Java Runtime Environment (JRE) Java Update mechanism does not validate the digital signature of downloaded JRE updates.
Francisco Amato reported this vulnerability.
|
Impact: A remote user with control of the network may be able to cause arbitrary code to be downloaded to the target user's system.
|
Solution: The vendor has issued the following Java SE releases (for Windows 32-bit):
* JDK and JRE 6 Update 11 or later
The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1 (Links to External Site)
|
Cause: Authentication error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 4 Dec 2008 20:23:56 -0500
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
|
|
|
