Sun Security Blog
19 Dec 2006
Sun Alert 102732 Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Access Data in Other Applets
Product: Java 2 Platform, Standard Edition
Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets.
Sun acknowledges, with thanks, Tom Hawtin, for bringing these issues to our attention.
Avoidance: Patch, Upgrade
State: Resolved
First released: 19-Dec-2006
19 Dec 2006
Sun Alert 102731 Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges
Product: Java 2 Platform, Standard Edition
Two vulnerabilities related to serialization in the Java Runtime Environment may independently allow an untrusted applet or application to elevate its privileges.
Sun acknowledges, with thanks, Tom Hawtin, for bringing these issues to our attention.
Avoidance: Patch, Upgrade
State: Resolved
First released: 19-Dec-2006
19 Dec 2006
Sun Alert 102729 Security Vulnerabilities in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges and Execute Arbitrary Code
Product: Java 2 Platform, Standard Edition
Two buffer overflow vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
Sun acknowledges, with thanks, Chris Evans, for bringing these issues to our attention.
Avoidance: Patch, Upgrade
State: Resolved
First released: 19-Dec-2006
08 Dec 2006
Sun Alert 102657 Security Vulnerability With RSA Signature Affects the Sun Secure Global Desktop Software
Product: Sun Secure Global Desktop Software 4.2
Sun Secure Global Desktop (SSGD) software 4.2 is impacted by an RSA signature forgery vulnerability. This vulnerability may allow an untrusted server to present a forged identity to clients connecting to that server when secure connections are in use.
This vulnerability may also affect SSGD servers which are configured to use web server authentication and client certificates. Under these circumstances, it may be possible for a local or remote unprivileged user to forge a valid identity and log in to an SSGD server, allowing unauthorized access to the applications available for that identity.
This issue is also described in the following documents:
CERT VU#845620 at http://www.kb.cert.org/vuls/id/845620
CVE-2006-4339 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Note: The issue described in this Sun Alert is specific to Sun Secure Global Desktop Software. Multiple Sun products are affected by this issue; for more details please see Sun Alert 102648 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
Avoidance: Upgrade
State: Resolved
First released: 06-Oct-2006
08 Dec 2006
Sun Alert 101658 Sun TCP Connections May Experience Performance Degradation If Certain ICMP Error Messages Are Received
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 7 Operating System, Solaris 8 Operating System
This Sun Alert describes the Sun specific impact of the issues described in the Internet-Draft (I-D) titled "ICMP attacks against TCP" written by Fernando Gont. The I-D describes how TCP(7P) connections could be reset and disconnected as a result of ICMP(7P) error messages.
Solaris will not drop established TCP connections based on ICMP errors. There is a theoretical possibility that a TCP connection which is in the process of being set up could be terminated before being established. However, there is no risk of data corruption or compromise in this scenario.
The draft also describes ICMP messages which could impact the performance of existing TCP connections. This issue affects all current versions of Solaris and thus Sun plans on improving how ICMP errors are handled to further mitigate the impact of such ICMP messages.
This issue is also described in the following documents:
IETF Internet Draft at http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-03.txt
CERT Vulnerability Note VU#222750 at http://www.kb.cert.org/vuls/id/222750
CVEs CAN-2004-0790 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0790
CVEs CAN-2004-0791 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791
Avoidance: Patch
State: Resolved
First released: 12-Apr-2005