=====================================================================
CERT-Renater Information Note No. 2006/VULN009
_____________________________________________________________________

DATE                 : 13/01/2006
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Sun JRE, Sun Java Software
                       Development Kit.
======================================================================

AusCERT Update AU-2006.0002 - [Win][UNIX/Linux]
Sun Java vulnerability now being exploited in the wild
13 January 2006

AusCERT Update Summary
----------------------

Product:          Sun Java Runtime Environment (JRE) 5.0 update 3 and prior
                  Sun Java Runtime Environment (JRE) 1.4.2_08 and prior
                  Sun Java Runtime Environment (JRE) 1.3.1_15 and prior
                  Sun Java Development Kit 5.0 update 3 and prior
                  Sun Java Software Development Kit 1.4.2_08 and prior
                  Sun Java Software Development Kit 1.3.1_15 and prior
Operating System: Windows
                  UNIX variants (UNIX, Linux, OSX)
Impact:           Execute Arbitrary Code/Commands
Access:           Remote/Unauthenticated
CVE Names:        CVE-2005-3906
Ref:              ESB-2005.0962

OVERVIEW:

US-CERT reports that the Sun Java vulnerability previously described in
AusCERT ESB-2005.0962 is now being actively exploited by enticing users
to visit a malicious website. [1][2]

IMPACT:

When a user visits a webpage hosting a malicious Java applet, the remote
attacker may execute arbitrary code on the user's computer.

MITIGATION:

System administrators are encouraged to check that workstations have been
updated to a non-vulnerable version of the Java Runtime Environment.
The vulnerability is fixed in the following Java versions:

    SDK and JRE 1.3.1_16 and later
    SDK and JRE 1.4.2_09 and later
    JDK and JRE 5.0 Update 4 and later

As always, users should avoid clicking on any links in emails or instant
messages unless the message was expected beforehand.
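The mitigation above asks administrators to verify that each workstation runs one of the fixed versions. The following script is an added example, not part of the AusCERT or CERT-Renater advisory: it parses the `java -version` banner and classifies the installed runtime against the three fixed versions listed above. It assumes Sun's "5.0 Update 4" is reported by the runtime as `1.5.0_04` (Sun's internal version numbering), and the sample banners in it are constructed for illustration. Families the advisory does not list (for instance 1.4.1) are reported as not covered rather than guessed at.

```python
import re
import subprocess

# Minimum fixed update level per Java family, as stated in the advisory.
# Assumption: "5.0 Update 4" appears in `java -version` output as 1.5.0_04.
FIXED_UPDATE = {
    (1, 3, 1): 16,  # SDK and JRE 1.3.1_16 and later
    (1, 4, 2): 9,   # SDK and JRE 1.4.2_09 and later
    (1, 5, 0): 4,   # JDK and JRE 5.0 Update 4 and later
}

# Sun-era banner line, e.g.  java version "1.4.2_08"
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output):
    """Return (major, minor, micro, update) from `java -version` text,
    or None if no version line is present. A missing _update is 0."""
    match = VERSION_RE.search(output)
    if not match:
        return None
    major, minor, micro, update = match.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def assess(output):
    """Classify a `java -version` banner for CVE-2005-3906:
    'fixed', 'vulnerable', 'not-covered' (family not in the advisory)
    or 'unknown' (banner could not be parsed)."""
    version = parse_java_version(output)
    if version is None:
        return "unknown"
    family, update = version[:3], version[3]
    if family not in FIXED_UPDATE:
        return "not-covered"
    return "fixed" if update >= FIXED_UPDATE[family] else "vulnerable"


def check_local_java():
    """Run `java -version` on this host (Sun's JRE prints the banner to
    stderr) and classify the result; 'unknown' if no java binary is found."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return "unknown"
    return assess(proc.stderr + proc.stdout)


# Constructed sample banners in the format Sun's JRE printed at the time.
SAMPLE_BANNERS = [
    'java version "1.5.0_03"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_03-b07)',
    'java version "1.5.0_04"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_04-b05)',
    'java version "1.4.2_08"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_08-b03)',
    'java version "1.3.1_16"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_16-b06)',
    'java version "1.4.1_07"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_07-b02)',
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner.splitlines()[0]:<28} -> {assess(banner)}")
    print(f"this host                    -> {check_local_java()}")
```

Run it as-is to see the classification of the sample banners followed by the host's own runtime; on a fleet, the same `assess()` function can be fed the banner collected from each workstation by whatever inventory tool is already in place.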
REFERENCES:

[1] US-CERT Current Activity
    http://www.us-cert.gov/current/current_activity.html#javaapi
[2] AusCERT ESB-2005.0962
    http://www.auscert.org.au/5804
[3] Sun Alert ID 102003
    http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102003-1

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
======================================================================

=========================================================
CERT-Renater reference servers
  http://www.urec.fr/securite
  http://www.cru.fr/securite
  http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel  : 01-53-94-20-44      +
+ 151 bd de l'Hopital     | fax  : 01-53-94-20-41      +
+ 75013 Paris             | email: certsvp@renater.fr  +
=========================================================