J-Security Center

Title: Sun JRE Arbitrary Command Execution Vulnerability

Severity: LOW

Description:

The Java Runtime Environment (JRE) is a piece of software designed to interpret, execute and run object-oriented Java, providing the minimal functionality needed to execute such code.

A problem has been discovered in the JRE, and could allow the arbitrary execution of code. The problem only affects users of the JRE during circumstances such as the user trusting a piece of code to execute a command. By default, the permission to execute commands is not granted.

Once a user has executed the code, and granted access to the applet or other code to execute a command, it may be possible for the code to execute more than one command. This could permit malicious code to perform unauthorized actions.

Affected Products:

  • Sun JDK (Reference Release) 1.1.6 _007
  • Sun JDK (Reference Release) 1.1.7 B_005
  • Sun JDK (Reference Release) 1.1.8 _003
  • Sun JRE (Linux Production Release) 1.2.2
  • Sun JRE (Linux Production Release) 1.2.2 _003
  • Sun JRE (Linux Production Release) 1.2.2 _004
  • Sun JRE (Linux Production Release) 1.2.2 _005
  • Sun JRE (Linux Production Release) 1.2.2 _006
  • Sun JRE (Linux Production Release) 1.2.2 _007
  • Sun JRE (Linux Production Release) 1.3.0 .0
  • Sun JRE (Linux Production Release) 1.3.0 .0_01
  • Sun JRE (Linux Production Release) 1.3.0 .0_02
  • Sun JRE (Reference Release) 1.1.6 _007
  • Sun JRE (Reference Release) 1.1.7 B_005
  • Sun JRE (Reference Release) 1.1.8 _003
  • Sun JRE (Reference Release) 1.2.1 _003
  • Sun JRE (Reference Release) 1.2.2 _005
  • Sun JRE (Solaris Production Release) 1.1.6
  • Sun JRE (Solaris Production Release) 1.1.7 B
  • Sun JRE (Solaris Production Release) 1.1.8 _10
  • Sun JRE (Solaris Production Release) 1.2.0
  • Sun JRE (Solaris Production Release) 1.2.1
  • Sun JRE (Solaris Production Release) 1.2.2 _05a
  • Sun JRE (Solaris Production Release) 1.2.2 _07
  • Sun JRE (Solaris Production Release) 1.3.0 .0_02
  • Sun JRE (Solaris Reference Release) 1.2.0
  • Sun JRE (Solaris Reference Release) 1.2.1
  • Sun JRE (Solaris Reference Release) 1.2.2 _007
  • Sun JRE (Windows Production Release) 1.2.0
  • Sun JRE (Windows Production Release) 1.2.1
  • Sun JRE (Windows Production Release) 1.2.2 _007
  • Sun JRE (Windows Production Release) 1.3.0 .0_02
  • Sun SDK (Linux Production Release) 1.2.2 _005
  • Sun SDK (Linux Production Release) 1.2.2 _007
  • Sun SDK (Linux Production Release) 1.3.0 .0_02
  • Sun SDK (Reference Release) 1.2.1 _003
  • Sun SDK (Reference Release) 1.2.2 _005
  • Sun SDK (Solaris Production Release) 1.2.0
  • Sun SDK (Solaris Production Release) 1.2.1
  • Sun SDK (Solaris Production Release) 1.2.2 _05a
  • Sun SDK (Solaris Production Release) 1.2.2 _07
  • Sun SDK (Solaris Production Release) 1.3.0 .0_02
  • Sun SDK (Solaris Reference Release) 1.2.0
  • Sun SDK (Solaris Reference Release) 1.2.1
  • Sun SDK (Solaris Reference Release) 1.2.2 _007
  • Sun SDK (Windows Production Release) 1.2.0
  • Sun SDK (Windows Production Release) 1.2.1
  • Sun SDK (Windows Production Release) 1.2.2 _007
  • Sun SDK (Windows Production Release) 1.3.0 .0_02
  • Sun Solaris 2.6
  • Sun Solaris 2.6_x86
  • Sun Solaris 7.0
  • Sun Solaris 7.0_x86
  • Sun Solaris 8
  • Sun Solaris 8_x86

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.