Full Disclosure: Re: Re: Sun Java Plugin arbitrary package access vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Re: Sun Java Plugin arbitrary package access vulnerability

From: "Exchange" <pauls () utdallas edu>
Date: Thu, 25 Nov 2004 12:23:20 -0600

----- Original Message ----- 
From: "Alla Bezroutchko" <alla () scanit be>
To: <bugtraq () securityfocus com>; <full-disclosure () lists netsys com>
Sent: Thursday, November 25, 2004 4:33 AM
Subject: [Full-disclosure] Re: Sun Java Plugin arbitrary package access
vulnerability


As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even
after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2,
Opera 7.54, J2SE 1.4.2_06).

This wasn't mentioned in the original disclosure announcement, but is it
safe to assume that jre-1.5.0 would *not* be vulnerable?  Or has it not been
tested?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
http://www.utdallas.edu/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Sun Java Plugin arbitrary package access vulnerability Jouko Pynnonen (Nov 22)
- Re: Sun Java Plugin arbitrary package access vulnerability Juergen Schmidt (Nov 23)
- <Possible follow-ups>
- Re: Sun Java Plugin arbitrary package access vulnerability Alla Bezroutchko (Nov 25)
  - Re: Re: Sun Java Plugin arbitrary package access vulnerability Exchange (Nov 25)
  - Rumours about Opera Marc Schoenefeld (Nov 25)