Security issue reported in Sun Java Dynamic Management Kit
Another security issue in the case of Java and this time it has been reported in Sun Java Dynamic Management Kit which can be exploited by local users for gaining escalated privileges. What causes it is the unspecified error in the JMX RMI-IIOP API which can lead to unwanted access to the local data. In order to exploit it a user needs to create a JMX RMI-IIOP server application and a privileged user can connect to the application. There are no predictable symptoms which could signal whether the particular vulnerability had been exploited.
The following versions are facing this security issue:
• Java Dynamic Management Kit 5.1 unbundled product with JDK 5.0 update 4 and earlier, or JDK 1.4 or earlier (for the SPARC, x86, Windows, and Linux platform).
• Solaris 10 with JDK 5.0 update 4 and earlier, or JDK 1.4 or earlier (for the SPARC and x86 platform)
Updates need to be applied in order to counter this problem.