Re: Sun Java Plugin arbitrary package access vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Sun Java Plugin arbitrary package access vulnerability
From: Ken S <ken.securitylist@xxxxxxxxx>
Date: Tue, 23 Nov 2004 16:35:48 -0600
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=W+loh3QN7H5dKetWYvyMQ9WsQb+0K90KFg4q7aqId1Uvq8YkXKo0YjFPVdkSxMFA+UroUFosqrmvGF5SkiWr8ox9zfTXxMzQfqMyBxyRozb9fCJmadG8d1pWDfP2+D8WV32iDBpWYjSW1ksJwtNctNDxhN3ITnMrOHrg9VHryAg=
In-reply-to: <20041123070248.GA25385@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20041123070248.GA25385@xxxxxxxxxxxx>
Reply-to: Ken S <ken.securitylist@xxxxxxxxx>

Experts.  

None of the advisories I've read indicate that you have to uninstall
earlier versions of the JRE to mitigate this vulnerability. However, I
assume this would be required.  Is that correct?

Thanks,

Ken

References:
- Sun Java Plugin arbitrary package access vulnerability
  - From: Jouko Pynnonen

Prev by Date: [CLA-2004:894] Conectiva Security Announcement - shadow-utils
Next by Date: Windows Mobile Pocket PC Security
Previous by thread: Sun Java Plugin arbitrary package access vulnerability
Next by thread: Re: Sun Java Plugin arbitrary package access vulnerability
Index(es):
- Date
- Thread