Multiple Vendor Java Virtual Machine Session Hijacking Vulnerability

Solution:
Sun SDK and JRE version 1.4 are not vulnerable. They are available at:

http://java.sun.com/j2se/1.4/

Users of Netscape web clients for various platforms should also ensure that the plug-in virtual machines are not vulnerable. HP has updated Java VM plug-ins (JPI) available for Netscape on HP-UX at: http://www.hp.com/go/java.

Compaq Insight Manager XE has been replaced by Compaq Insight Manager 7. Users should upgrade to Compaq Insight Manager 7 and then apply SP 1.

Some versions of Compaq Tru64 Unix and OpenVMS for Alpha ship with vulnerable versions of the Java SDK and JRE. For details on upgrading, please visit the following website:

http://www.compaq.com/java/alpha

To fix Compaq Management Agents, it has been suggested that those affected upgrade to the version of the Java Runtime Environment recommended by Microsoft at the following address:

http://www.microsoft.com/java/vm/dl_vm40.htm

SGI has announced that this issue will be resolved in IRIX 6.5.18. Users are advised to upgrade to this version when it becomes available.

Users of IRIX may also manually install updated versions of the JRE and SDK. Full details are available in the referenced advisory. The updated software is available at the following locations:

http://www.sgi.com/products/evaluation/6.x_java_plugin_1.1.1/
http://www.sgi.com/products/evaluation/6.5_java2_1.3.1_02/

Various vendors have released the following fixes which address this issue:


Compaq Integrated Lights-Out on ProLiant DL360 G2

Compaq Remote Insight Lights-Out Edition

Microsoft Virtual Machine 3802 Series

Compaq Insight Manager XE 1.0

Sun JDK (Solaris Reference Release) 1.1.8_007

Sun JRE (Solaris Reference Release) 1.1.8_007

Sun JRE (Solaris Production Release) 1.1.8_13

HP Java JRE/JDK for HP-UX 1.1.8

Sun JRE (Windows Production Release) 1.1.8_007

Sun JDK (Windows Production Release) 1.1.8_007

HP Java SDK/RTE for HP-UX PA-RISC 1.2.2

Sun JRE (Windows Production Release) 1.2.2_010

Sun SDK (Linux Production Release) 1.2.2_010

Sun SDK (Solaris Production Release) 1.2.2_10

Sun SDK (Solaris Reference Release) 1.2.2_010

Compaq Insight Manager XE 1.21

Sun JRE (Windows Production Release) 1.3.0_02

Sun JRE (Linux Production Release) 1.3.0_02

HP Java SDK/RTE for HP-UX PA-RISC 1.3

Sun JRE (Windows Production Release) 1.3.0_04

Sun SDK (Windows Production Release) 1.3.0_02

Sun SDK (Linux Production Release) 1.3_02

Sun SDK (Solaris Production Release) 1.3_02

Sun JRE (Linux Production Release) 1.3.0_04

Sun JRE (Solaris Production Release) 1.3.0_02

Compaq Insight Manager XE 2.1

Compaq Insight Manager XE 2.1b

Compaq Insight Manager XE 2.1c

Compaq Insight Manager XE 2.2

Compaq Tru64 4.0 f

Compaq Tru64 4.0 g

Compaq Tru64 5.0 a

Compaq Tru64 5.1

Netscape Netscape 6.01

Netscape Netscape 6.0

Netscape Communicator 6.1

Compaq Insight Manager 7.0

Compaq OpenVMS 7.2-2 Alpha

Compaq OpenVMS 7.2 Alpha

Compaq OpenVMS 7.2-1H1 Alpha

Compaq OpenVMS 7.2-1H2 Alpha

Compaq OpenVMS 7.2.1 Alpha

Compaq OpenVMS 7.3 Alpha

Copyright 2010, SecurityFocus