US Sun Microsystems Warns of Security Hole in Java Software

A security vulnerability has been discovered in components of US Sun Microsystems Inc.'s Java software, leaving some servers that run Java open to potential attack, according to a security bulletin issued Friday by Sun and posted on the Bugtraq security list.

The problem affects various releases of versions 1.1 and 1.2 of the Java Runtime Environment for Linux, Microsoft Corp.'s Windows and Sun's own Solaris operating system, the company said in the bulletin.

"To the best of Sun's knowledge" the security hole does not affect Microsoft Corp.'s Internet Explorer browser or Netscape's Navigator software, the Sun said.

In order for the security hole to be exploited, permission must be granted by a computer to run at least one Java command, according to the bulletin. "Since no permission is granted by default, the circumstances necessary to exploit this vulnerability are relatively rare," Sun said.

The California-based vendor did not rule out that the bug may affect Java-based technology created by other vendors, but said it has notified Java licensees and made the fix available to them.

The flaw has already been fixed in Sun's new Java 2 Platform, the company said. However, it does also affect certain releases of the Java Development Kit version 1.1. 6 and 1.1.7B, according to Sun.

Users are advised to upgrade to newer releases of the Java Runtime Environment and the Java Developer Kit.

(www.chinadaily.com.cn)






People's Daily Online --- http://english.peopledaily.com.cn/