Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site.

Java Vulnerability

Summary

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges.

Relevant Versions

This advisory affects the following VDT versions:

Date Announced

2004-12-16

Description

Java 1.4.2_05 and can allow untrusted applets to gain the privileges of a trusted one. This would include reading and writing files as the user running the applet. While applets are not used in the VDT, our install process puts the VDT's Java ahead of any system Java in your PATH. Because of this, applets from outside the VDT may be run with the JDK that we distribute.

For more information see Sun's security alert.

Solution

Any concerned users are encouraged to upgrade to VDT 1.2.3 or later in order to obtain a patched JDK.
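The Description turns on PATH ordering, so the following added example (not part of the original advisory and not VDT tooling) lists every `java` on a PATH in search order and reports whether the one found first is the 1.4.2_05 build named above. The function names are illustrative, and the check matches only the exact version string given on this page.

```shell
#!/bin/sh
# Added example, not VDT tooling. Function names are illustrative.
AFFECTED="1.4.2_05"   # version string taken from this advisory

# Print every executable `java` on the given PATH string, in search order.
java_on_path() {
    old_ifs=$IFS; IFS=:
    set -f                          # no globbing while splitting PATH
    for dir in $1; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        if [ -f "$dir/java" ] && [ -x "$dir/java" ]; then
            printf '%s\n' "$dir/java"
        fi
    done
    set +f; IFS=$old_ifs
}

# Print the version a java binary reports (`-version` writes to stderr).
java_version() {
    "$1" -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# List each java with its version; return 1 if the first one is the affected build.
check_path() {
    first=$(java_on_path "$1" | head -n 1)
    if [ -z "$first" ]; then
        echo "no java found on PATH"
        return 0
    fi
    java_on_path "$1" | while IFS= read -r j; do
        v=$(java_version "$j")
        mark=""
        if [ "$j" = "$first" ]; then mark="  <- found first"; fi
        printf '%s  version=%s%s\n' "$j" "${v:-unknown}" "$mark"
    done
    [ "$(java_version "$first")" != "$AFFECTED" ]
}

check_path "$PATH" || echo "WARNING: the first java on PATH is build $AFFECTED"
```

Run it in the same shell environment that launches your applications, since the result depends on that environment's PATH.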

Questions

Please contact vdt-support@opensciencegrid.org if you have any questions.