Re: Sun Security Bulletin #00208

["Stanley G. Bubrouski" <stan () ccs neu edu>]

Jay,

It's an assumption on my part, but there is a quick way to test.  The
problem was originally reported by a japaneese java group who has
frequently in the past focused on MS Java Virtual Machien bugs.  There is
a test page for browsers that use the JDK to test for this bug found at:

http://java-house.etl.go.jp/~takagi/java/security/mrj-clipboard/

The test page is Test.html in that directory and the source of the exploit
is Test.java.  Of course using this requires you to have a browser which
uses the JRE included in the JDK or separate ones.  Currently Opera,
Mozilla, and Netscape 6 are the only browsers I can think of off the top
of my head that use this.

I suppose you can try downloading and running the applet via cli if you
don't want to install a browser on the system to be sure...

Regards,

Stan

--
Stan Bubrouski                                       stan () ccs neu edu
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284


On Wed, 24 Oct 2001, Jay D. Dyson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Wed, 24 Oct 2001, Stanley G. Bubrouski wrote:
>
> > It appears it affects all versions of JDK before 1.3.1x...
>
>       I see.  Have you made Sun aware of this?  :)
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
>
> iQCVAwUBO9a9nLlDRyqRQ2a9AQG0hwP+Ol3KQIfxVzzUcNW5N8whPJsAr0NVw2us
> RGd00E+BozRUkOeXGre1t3lEFa5xhrdjQFTIXkAwzteGn3dAimJsfUxVjspFOAZ4
> ST2EoaiSvZ50ESgAnoWZQ50Z7fQTt5pef6M3s6UEZN6laYebnATlRI38GhPaleyR
> CPktPVEc4GQ=
> =M6B8
> -----END PGP SIGNATURE-----