Sun Alert ID: 57707
* Synopsis: Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability
* Category: Security
* Product: Java SDK and JRE
* BugIDs: 5037001
* Avoidance: Upgrade
* State: Resolved
* Date Released: 20-Dec-2004
* Date Closed: 20-Dec-2004
* Date Modified:
1. Impact
A vulnerability in the Java Runtime Environment (JRE) involving
object deserialization could be exploited remotely to cause the Java
Virtual Machine to become unresponsive, which is a type of
Denial-of-Service (DoS). This issue can affect the JRE if an
application that runs on it accepts serialized data from an untrusted
source.
Sun acknowledges with thanks Marc Schoenefeld for bringing this issue to our attention.
2. Contributing Factors
This issue can occur in the following releases:
* SDK and JRE 1.4.2_05 and earlier, and all 1.4.1 and 1.4.0 releases for Windows, Solaris and Linux
Note: JDK and JRE 5.0 and releases prior to SDK and JRE 1.4 are not affected by this issue.
To determine the version of Java on a system, the following command can be run:
% java -fullversion
java full version 1.4.1_06-b01
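The following script classifies a `java -fullversion` line against the release ranges given in the Contributing Factors section. It is an added example, not part of the Sun Alert; the function name and the sample lines are constructed, and the check assumes the version string follows the `1.x.y_NN` form shown above (5.0 reports itself as 1.5.x). Because `java -fullversion` prints to stderr, real output is captured with `2>&1`.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert: classify "java -fullversion"
# output against the alert's ranges. Affected: 1.4.0.x, 1.4.1.x and
# 1.4.2_05 or earlier. Not affected: 1.4.2_06 and later, 5.0 (1.5.x),
# and anything before 1.4.
classify_java_fullversion() {
    # $1: a line such as 'java full version 1.4.1_06-b01' (1.5 adds quotes)
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version *"*\([0-9][0-9._]*\).*/\1/p')
    if [ -z "$ver" ]; then echo unknown; return; fi
    major=${ver%%.*}
    rest=${ver#"$major"}; rest=${rest#.}
    minor=${rest%%[._]*}
    rest=${rest#"$minor"}; rest=${rest#.}
    micro=${rest%%_*}; [ -n "$micro" ] || micro=0
    update=${rest#"$micro"}; update=${update#_}
    # strip leading zeros so "05" compares as 5 without octal surprises
    update=$(printf '%s' "$update" | sed 's/^0*//'); [ -n "$update" ] || update=0
    if [ "$major" -eq 1 ] && [ "$minor" -eq 4 ] &&
       { [ "$micro" -lt 2 ] || { [ "$micro" -eq 2 ] && [ "$update" -le 5 ]; }; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample lines, one per installation being checked.
for line in 'java full version 1.4.1_06-b01' \
            'java full version 1.4.2_05-b04' \
            'java full version 1.4.2_06-b03' \
            'java full version "1.5.0_01-b08"' \
            'java full version 1.3.1_12-b03'; do
    printf '%-40s %s\n' "$line" "$(classify_java_fullversion "$line")"
done

# On a real host, only if a java binary is on PATH:
if command -v java >/dev/null 2>&1; then
    classify_java_fullversion "$(java -fullversion 2>&1)"
fi
```

The same function accepts the first line of `java -version` output, which uses the same `version "1.x.y_NN"` layout.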
3. Symptoms
The Java Runtime Environment (JRE) is unresponsive.
Solution Summary
4. Relief/Workaround
There is no workaround. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
* SDK and JRE 1.4.2_06 and later for Windows, Solaris, and Linux
Note: It is recommended that affected versions be removed from your
system. For more information, please see the installation notes on the
respective java.sun.com download pages.
Posted on Thursday, 06 January 2005 @ 17:22:09 UTC by Paul