Title: What Is Dangerous About Java Security Bugs?
Category: Browser, Java
Created: 2000/9/12 10:56:36
Author: 阪倉 一
●Recent developments in Java security bugs
JSR (Java Security Report) has been reporting news about the security-related bugs that have occurred in Java and the responses to them. Recently, an implementation bug in Netscape's Java VM, known as "The Brown Orifice Vulnerability", came to light. A fix for this bug is included in Netscape 4.75, but as of 9/11 there is no Japanese edition of that version. To address the security bug, users must either use the English edition or configure the Japanese edition not to use Java. The same bug also existed in Sun's Java runtime environment (JDK 1.1.x and earlier), but a fixed Java VM is now being distributed. For Java 2 and later environments, no problem has arisen so far.
A document in which Mr. Takagi summarized this issue on the JavaHouse Brewers mailing list is available at the following URL.
  http://java-house.etl.go.jp/ml/archive/j-h-b/036131.html

●What is happening in Java security bugs
As JSR has also described, Java by design adopts the sandbox model for network security and relies on it to stay safe. Under the sandbox model, an ordinary Java applet is forbidden from accessing local resources (such as files) on the computer running the applet, and from communicating with any computer other than the one the applet was loaded from. The problem behind the Java security bugs is that this sandbox model is not implemented correctly. In the case of "The Brown Orifice Vulnerability" mentioned above, the cause appears to be that the network access functionality, which the Java VM should implement in a way that satisfies the sandbox model, is handed off wholesale to the network functions of the Netscape browser.
Some reports portrayed "The Brown Orifice Vulnerability" as a not particularly serious problem. However, even when the individual problems are not serious, combining them easily makes possible things beyond what users imagine. For example, with "The Brown Orifice Vulnerability", not only can data on the PC running the applet be stolen, but by using the browser data on that PC, the contents of internal company servers that are supposed to be protected inside the firewall can be transferred outside the firewall. As in the proverb of the single ant hole, we must recognize that small holes in combination become a large hole.
It should be noted that these bugs are not problems with Java itself but problems of implementation. The fact that security bugs cause problems does not change the value of Java itself.
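The two sandbox rules described in this section, written as a small check that every URL open must pass before any network code runs. This is an added example, not code from the original article, from Netscape, or from Sun; the class names, method names and hosts are hypothetical, and it models only the rules, not any real VM's implementation.

```java
import java.net.URI;
import java.util.Locale;

// Added illustration with hypothetical names and constructed sample hosts.
public class AppletSandboxDemo {

    // Policy for one applet, keyed on the host the applet was loaded from.
    static final class SandboxPolicy {
        private final String originHost;

        SandboxPolicy(URI codeBase) { this.originHost = normalize(codeBase.getHost()); }

        private static String normalize(String host) {
            if (host == null) throw new IllegalArgumentException("no host");
            return host.toLowerCase(Locale.ROOT); // host names are case-insensitive
        }

        void checkConnect(URI target) {
            String scheme = target.getScheme();
            // Rule 1: no local resources. Anything that is not a network
            // scheme (for example file:) is refused outright.
            if (!"http".equals(scheme) && !"https".equals(scheme))
                throw new SecurityException("scheme denied");
            // Rule 2: the only permitted peer is the applet's origin host.
            if (!normalize(target.getHost()).equals(originHost))
                throw new SecurityException("not the origin host");
        }
    }

    // The policy is consulted here, in the layer that owns the sandbox,
    // instead of trusting a lower-level network component to enforce it.
    static String open(SandboxPolicy policy, String url) {
        try {
            policy.checkConnect(URI.create(url));
            return "ALLOW " + url;
        } catch (SecurityException | IllegalArgumentException e) {
            return "DENY  " + url + " (" + e.getMessage() + ")"; // fail closed
        }
    }

    public static void main(String[] args) {
        SandboxPolicy p = new SandboxPolicy(URI.create("http://applet-origin.example/app/"));
        System.out.println(open(p, "http://applet-origin.example/data.txt"));
        System.out.println(open(p, "http://APPLET-ORIGIN.example/data.txt"));
        System.out.println(open(p, "http://intranet.example/payroll"));
        System.out.println(open(p, "file:///etc/hosts"));
    }
}
```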

●The real problem surrounding Java security bugs
Bugs should not exist, but in computer software they are unavoidable. However, now that the Internet has spread rapidly and anyone can freely use a web browser, Java security bugs call for greater attention.
With automobiles, a defect that could lead to an accident always results in a recall. That is because government and the private sector alike recognize the danger of traffic accidents. In this respect, the lack of awareness of Java-related network security is a major problem. Web browser makers distribute their browsers so that they can be installed very easily, but the browsers cannot be recalled with the same ease.
Going forward, the following four points should be improved with regard to security bugs in the Java environments of web browsers.

(1) Early and thorough notification and recall by web browser and Java VM vendors
(2) Early bug fixes
(3) Thorough notification by public and quasi-public institutions
(4) Fostering awareness of network security

In conclusion, all users and vendors need a shared understanding that the Internet is already infrastructure and that the web browser is part of that infrastructure. Once an understanding of the risks is shared, a system for responding to security bugs should come within reach.
[阪倉 一/Java Security Report]
Related link: Java Security Report