[22983] in bugtraq
Re: Sun Security Bulletin #00208
daemon@ATHENA.MIT.EDU (Stanley G. Bubrouski)
Wed Oct 24 15:45:31 2001
Date: Wed, 24 Oct 2001 15:31:26 -0400 (EDT)
From: "Stanley G. Bubrouski" <stan@ccs.neu.edu>
To: "Jay D. Dyson" <jdyson@treachery.net>
Cc: Jay Sekora <jay@ccs.neu.edu>, bugtraq@securityfocus.com
In-Reply-To: <Pine.GSO.3.96.1011024070851.27263A-100000@crypto>
Message-ID: <Pine.GSO.4.21.0110241459340.24856-100000@denali.ccs.neu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Jay,
It's an assumption on my part, but there is a quick way to test. The
problem was originally reported by a japaneese java group who has
frequently in the past focused on MS Java Virtual Machien bugs. There is
a test page for browsers that use the JDK to test for this bug found at:
http://java-house.etl.go.jp/~takagi/java/security/mrj-clipboard/
The test page is Test.html in that directory and the source of the exploit
is Test.java. Of course using this requires you to have a browser which
uses the JRE included in the JDK or separate ones. Currently Opera,
Mozilla, and Netscape 6 are the only browsers I can think of off the top
of my head that use this.
I suppose you can try downloading and running the applet via cli if you
don't want to install a browser on the system to be sure...
Regards,
Stan
--
Stan Bubrouski stan@ccs.neu.edu
23 Westmoreland Road, Hingham, MA 02043 Cell: (617) 835-3284
On Wed, 24 Oct 2001, Jay D. Dyson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Wed, 24 Oct 2001, Stanley G. Bubrouski wrote:
>
> > It appears it affects all versions of JDK before 1.3.1x...
>
> I see. Have you made Sun aware of this? :)
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
>
> iQCVAwUBO9a9nLlDRyqRQ2a9AQG0hwP+Ol3KQIfxVzzUcNW5N8whPJsAr0NVw2us
> RGd00E+BozRUkOeXGre1t3lEFa5xhrdjQFTIXkAwzteGn3dAimJsfUxVjspFOAZ4
> ST2EoaiSvZ50ESgAnoWZQ50Z7fQTt5pef6M3s6UEZN6laYebnATlRI38GhPaleyR
> CPktPVEc4GQ=
> =M6B8
> -----END PGP SIGNATURE-----
>
