Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Sun Java Runtime Security

from [Brian A. Reiter] Network Security [Permanent Link]
Subject: RE: Sun Java Runtime Security
Date: Wed, 8 Mar 2006 14:16:13 -0500 
If I apply the latest 
Sun Java 2 Runtime and I have older versions installed as 
well can someone execute a vulnerability that exists in the 
older runtime?
 


Yes the vulnerability still exists in the old runtimes. Your risk is not
100% mitigated unless you removed the old JVMs. However there are mitigating
factors: Your web browser won't load the old VM by default, it loads the
latest one. Also, on Windows, the Java installer puts a copy of the latest
java.exe, javaw.exe and javaws.exe in the %SYSTEMROOT%\system32. This
directory is implicitly in the start of your %PATH% on windows (after the
current directory), so that any Java apps that are invoked with the
assumption that the Java runtime will be in the path (eg "javaw -jar
myjar.jar") will use the latest runtime.

On the other hand applications that have coded the path to the JVM in their
configuration files (like Netbeans) or .lnk shortcuts will continue to load
a vulnerable version of the JVM.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Sun Java Runtime Security, kevin . kaminski
Next by Date:  RE: Sun Java Runtime Security, Bergert, David
Previous by Thread:  Sun Java Runtime Security, kevin . kaminski
Next by Thread:  RE: Sun Java Runtime Security, Bergert, David
Indexes:  [Date] [Thread] [Top] [All Lists]