Java Runtime Environment (JRE) JMX Function Lets Remote Users Perform Unspecified Operations
|
SecurityTracker Alert ID: 1020458 |
SecurityTracker URL: http://securitytracker.com/id/1020458
|
CVE Reference:
CVE-2008-3103
|
Date: Jul 10 2008
|
Impact:
User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): JDK and JRE 5.0 Update 15, JDK and JRE 6 Update 6; and prior versions
|
Description:
A vulnerability was reported in Java Runtime Environment (JRE) in the Java Management Extensions capability. A remote user can perform certain functions on the target system.
A remote user with a Java Management Extensions (JMX) management agent client can perform unauthorized operations on a target system that is running JMX with local monitoring enabled.
SDK and JRE 1.4.x and 1.3.x are not affected.
|
Impact:
A remote user can perform unspecified operations on the target system.
|
Solution:
Sun has issued the following fixes.
* JDK and JRE 6 Update 7 or later
* JDK and JRE 5.0 Update 16 or later
JDK and JRE 6 Update 7 is available for download at the following links:
http://java.sun.com/javase/downloads/index.jsp
http://java.com/
JRE 6 Updates are available through the Java Update tool for Microsoft Windows users.
JDK 6 Update 7 for Solaris is available in the following patches:
* Java SE 6 Update 7 (as delivered in patch 125136-09 or later)
* Java SE 6 Update 7 (as delivered in patch 125137-09 or later (64bit))
* Java SE 6_x86 Update 7 (as delivered in patch 125138-09 or later)
* Java SE 6_x86 Update 7 (as delivered in patch 125139-09 or later (64bit))
JDK and JRE 5.0 Update 16 is available for download at the following link:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update 16 for Solaris is available in the following patches:
* J2SE 5.0 Update 16 (as delivered in patch 118666-17)
* J2SE 5.0 Update 16 (as delivered in patch 118667-17 (64bit))
* J2SE 5.0_x86 Update 16 (as delivered in patch 118668-17)
* J2SE 5.0_x86 Update 16 (as delivered in patch 118669-17 (64bit))
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:
http://java.com/en/download/help/uninstall_java.xml
The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
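As an added example (not part of the advisory or of Sun's fix), the following sketch classifies legacy Java version strings against the affected and fixed releases listed above. It checks the version only, not whether JMX local monitoring is enabled; the function names and the sample inventory are constructed for illustration.

```python
import re

# Last affected update per release family, from the advisory:
# 5.0 Update 15 and 6 Update 6 (and prior); fixed in 5.0 Update 16 / 6 Update 7.
LAST_AFFECTED_UPDATE = {5: 15, 6: 6}
# Families the advisory states are not affected (SDK and JRE 1.4.x and 1.3.x).
NOT_AFFECTED_FAMILIES = {3, 4}

# Legacy version strings look like 1.<family>.<minor>[_<update>], e.g. 1.6.0_06.
# The lookbehind stops "11.0.2" from being misread as "1.0.2".
_VERSION_RE = re.compile(r"(?<![\d.])1\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (family, update) from a version string or `java -version` output, else None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    update = int(m.group(3)) if m.group(3) else 0  # "1.5.0" means no update applied
    return int(m.group(1)), update


def classify(text):
    """Return 'affected', 'fixed', 'not affected', or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    family, update = parsed
    if family in NOT_AFFECTED_FAMILIES:
        return "not affected"
    last_bad = LAST_AFFECTED_UPDATE.get(family)
    if last_bad is None:
        return "unknown"  # release family not covered by this advisory
    return "affected" if update <= last_bad else "fixed"


def audit(inventory):
    """Map each host to its classification; inventory is {host: version text}."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "app01": 'java version "1.6.0_06"',
        "app02": "1.6.0_07-b06",
        "batch01": "1.5.0_15",
        "legacy01": "1.4.2_17",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```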
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
|
Cause:
Not specified
|
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|