Java Vulnerability
Summary
A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges.
Relevant Versions
This advisory affects the following VDT versions:
Date Announced
2004-12-16
Description
Java 1.4.2_05 and can allow untrusted applets to gain the privileges of a trusted one. This would include reading and writing files as the user running the applet. While applets are not used in the VDT, our install process puts the VDT's java ahead of any system java in your path. Because of this, applets from outside VDT may be run with the JDK that we distribute.
For more information see Sun's security alert.
Solution
Any concerned users are encouraged to upgrade to VDT 1.2.3 or later in order to obtain a patched JDK.
Questions
Please contact
vdt-support@opensciencegrid.org if you have any questions.
