Critical Sun Vulnerability Announced
05 December 2008
FastFacts
- Who: Faculty, Staff, and Students
- What: Critical vulnerability announced (Sun Java Runtime Environment)
- Action: See if you have Sun JRE, and get updates if necessary (test here)
This week, Sun Microsystems announced critical vulnerabilities in the Sun Java Runtime Environment (Sun JRE). Sun JRE is installed by default on all Sun Solaris, Apple Mac OS X, and other Unix and Linux-based operating systems, and is often installed on Microsoft Windows systems.
Are you running the Sun Java Runtime Environment? You can check by going to Sun's Java site. If you have Java, you will be told the version, and if you need to upgrade. If you do not have Java, there is no need to install it.
These vulnerabilities could allow an attacker to execute arbitrary code with the privileges of the current user. In other words, if you run your workstation with administrator privileges, a successful intruder would have full control of your workstation. Programs that run in the Java JRE environment are often opened upon receipt without first prompting the user.
For additional information, see these references:
- Zero Day Initiative Advisories
- iDefense Security Advisories
- Sun Security Advisories
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1
- Virtual Security Research Advisory
- Secunia Security Advisory
- Sun's Java Home Page
- SecurityFocus BID
If you have questions or need more information, please contact 6-TECH at (336) 256-TECH (8324) or 6tech@uncg.edu.