[22989] in bugtraq
Re: Sun Security Bulletin #00208
daemon@ATHENA.MIT.EDU (Avery Buffington)
Wed Oct 24 22:39:05 2001
Message-ID: <3BD6FB77.14EF619F@fundsxpress.com>
Date: Wed, 24 Oct 2001 12:33:43 -0500
From: Avery Buffington <avery@fundsxpress.com>
Cc: bugtraq@securityfocus.com
If I'm reading the advisory correctly, this appears to only affect a Sun
box using the VM in a "workstation" type environment where a rogue
applet could grab the contents (if any) from the clipboard, correct? If
the VM is not being used in conjunction with a browser and/or window
manager there is little to no harm in this bug, right??
-avery
Jay Sekora wrote:
>
> From the Sun Security Bulletin:
> > 2. Affected Releases
> >
> > The following releases are affected:
>
> [...]
>
> > Solaris OE Production Releases
> >
> > SDK and JRE 1.3.0_02 or earlier
> > SDK and JRE 1.2.2_07 or earlier
> > SDK and JRE 1.2.1
> > SDK and JRE 1.2
>
> The version of the JDK that is shipped with Solaris 8 4/01 is
> (according to "/bin/java -version") "build Solaris_JDK_1.2.2_07a".
> Note trailing "a". Does anybody know for certain whether that counts
> as "SDK and JRE 1.2.2_07 or earlier" for purposes of this discussion?
> (We do lots of Java coursework here, and I'd prefer not to upgrade
> under people while school is in session if it can safely be avoided.)
>
> Sincerely,
>
> Jay Sekora
> for <systems@ccs.neu.edu>
--
****************************
Avery Buffington
Portal System Administrator
FundsXpress Financial Network
avery@fundsxpress.com
****************************
"Let's call it an accidental feature." --Larry Wall