• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor Java Virtual Machine Session Hijacking Vulnerability

Solution:
Sun SDK and JRE version 1.4 is not vulnerable. It is available at:

http://java.sun.com/j2se/1.4/

Users of Netscape web clients for various platforms should also ensure that the plug-in virtual machines are not vulnerable. HP has updated Java VM plug-ins (JPI) available for Netscape on HP-UX at: http://www.hp.com/go/java.

Compaq Insight Manager XE has been replaced by Compaq Insight Manager 7. Users should upgrade to Compaq Insight Manager 7 and then apply SP 1.

Some versions of Compaq TRU64 Unix and OpenVMS for Alpha ship with vulnerable versions of Java SDK and JRE. For details on upgrading, please visit the following website:

http://www.compaq.com/java/alpha

To fix Compaq Management Agents, it has been suggested that those affected upgrade to the version of the Java Runtime Environment recommended by Microsoft at the following address:

http://www.microsoft.com/java/vm/dl_vm40.htm

SGI has announced that this issue will be resolved in IRIX 6.5.18. Users are advised to upgrade to this version when it becomes available.

Users of IRIX may also manually install updated versions of the JRE and SDK. Full details are available in the referenced advisory. The updated software is available at the following locations:

http://www.sgi.com/products/evaluation/6.x_java_plugin_1.1.1/
http://www.sgi.com/products/evaluation/6.5_java2_1.3.1_02/

Various vendors have released the following fixes which address this issue:


Compaq Integrated Lights-Out on ProLiant DL360 G2

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq Remote Insight Lights-Out Edition

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Microsoft Virtual Machine 3802 Series

• Microsoft msjavx86
  http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-U S/msjavx86.exe

Compaq Insight Manager XE 1.0

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Sun JDK (Solaris Reference Release) 1.1.8 _007

• Sun JDK and JRE 1.1.8_009 Solaris Reference Release
  http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Reference Release) 1.1.8 _007

• Sun JDK and JRE 1.1.8_009 Solaris Reference Release
  http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Production Release) 1.1.8 _13

• Sun JDK and JRE 1.1.8_15 Solaris Production Release
  http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

HP Java JRE/JDK for HP-UX 1.1.8

• HP Java JDK/JRE 1.1.8.06
  Java 1.1.8 for HP-UX will be obsoleted October 9, 2002. Users and administrators are advised to upgrade to 1.3.1.
  http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/l icense_jdk_os11_1-18-06.html

Sun JRE (Windows Production Release) 1.1.8 _007

• Sun JDK and JRE 1.1.8_009 Windows Production Release
  http://java.sun.com/products/jdk/1.1/download-jdk-windows.html

Sun JDK (Windows Production Release) 1.1.8 _007

• Sun JDK and JRE 1.1.8_009 Windows Production Release
  http://java.sun.com/products/jdk/1.1/download-jdk-windows.html

HP Java SDK/RTE for HP-UX PA-RISC 1.2.2

• HP Java JDK/JRE 1.2.2.12
  http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.htm l

Sun JRE (Windows Production Release) 1.2.2 _010

• Sun SDK and JRE 1.2.2_011
  http://java.sun.com/j2se/1.2/

Sun SDK (Linux Production Release) 1.2.2 _010

• Sun SDK and JRE 1.2.2_011
  http://java.sun.com/j2se/1.2/

Sun SDK (Solaris Production Release) 1.2.2 _10

• Sun SDK and JRE 1.2.2_011
  http://java.sun.com/j2se/1.2/

Sun SDK (Solaris Reference Release) 1.2.2 _010

• Sun SDK and JRE 1.2.2_011
  http://java.sun.com/j2se/1.2/

Compaq Insight Manager XE 1.21

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Sun JRE (Windows Production Release) 1.3 .0_02

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Sun JRE (Linux Production Release) 1.3 .0_02

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

HP Java SDK/RTE for HP-UX PA-RISC 1.3

• HP Java JDK/JRE 1.3.1.02
  http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index. html

Sun JRE (Windows Production Release) 1.3 .0_04

• Sun SDK and JRE 1.2.2_011
  http://java.sun.com/j2se/1.2/

Sun SDK (Windows Production Release) 1.3 .0_02

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Sun SDK (Linux Production Release) 1.3 _02

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Sun SDK (Solaris Production Release) 1.3 _02

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Sun JRE (Linux Production Release) 1.3 .0_04

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Sun JRE (Solaris Production Release) 1.3 .0_02

• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq Insight Manager XE 2.1

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Compaq Insight Manager XE 2.1 b

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Compaq Insight Manager XE 2.1 c

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Compaq Insight Manager XE 2.2

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Compaq Tru64 4.0 f

• Compaq Java 1.1.8-13
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq Tru64 4.0 g

• Compaq Java 1.1.8-13
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq Tru64 5.0 a

• Compaq Java 1.1.8-13
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq Tru64 5.1

• Compaq Java 1.1.8-13
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Netscape Netscape 6.0 1

• Netscape Netscape 6.2.2
  http://home.netscape.com/computing/download/index.html

Netscape Netscape 6.0

• Netscape Netscape 6.2.2
  http://home.netscape.com/computing/download/index.html

Netscape Communicator 6.1

• Netscape Netscape 6.2.2
  http://home.netscape.com/computing/download/index.html

Compaq Insight Manager 7.0

• Compaq Compaq Insight Manager 7 SP1
  http://www.compaq.com/products/servers/management/cim7-intermediate.ht ml

Compaq OpenVMS 7.2 -2 Alpha

• Compaq Java 1.1.8-5
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.0-2
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq OpenVMS 7.2 Alpha

• Compaq Java 1.1.8-5
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.0-2
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq OpenVMS 7.2 -1H1 Alpha

• Compaq Java 1.1.8-5
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.0-2
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq OpenVMS 7.2 -1H2 Alpha

• Compaq Java 1.1.8-5
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.0-2
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq OpenVMS 7.2.1 Alpha

• Compaq Java 1.1.8-5
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.0-2
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/

Compaq OpenVMS 7.3 Alpha

• Compaq Java 1.1.8-5
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.0-2
  http://www.compaq.com/java/download/index.html


• Compaq Java 1.3.1-2
  http://www.compaq.com/java/download/index.html


• Sun SDK and JRE 1.3.1_02
  http://java.sun.com/j2se/1.3/