NASLDB: SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)
General
ID: 43859
Name: SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)
Summary: Checks rpm output for the updated packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: SuSE Local Security Checks
Type: Local
Description
IBM Java 1.4.2 was updated to 13 fp3.
The following security issues were fixed:
– A buffer overflow vulnerability in the Java Runtime
Environment audio system might allow an untrusted applet
or Java Web Start application to escalate privileges.
For example, an untrusted applet might grant itself
permissions to read and write local files, or run local
applications that are accessible to the user running the
untrusted applet. (CVE-2009-3867)
– A security vulnerability in the Java Runtime Environment
with verifying HMAC digests might allow authentication
to be bypassed. This action can allow a user to forge a
digital signature that would be accepted as valid.
Applications that validate HMAC-based digital signatures
might be vulnerable to this type of attack.
(CVE-2009-3875)
– A buffer overflow vulnerability in the Java Runtime
Environment with processing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3869)
– A buffer overflow vulnerability in the Java Runtime
Environment with processing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3871)
– An integer overflow vulnerability in the Java Runtime
Environment with processing JPEG images might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3874)
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2009-3867
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2010/01/05
Plugin Release: 2010/01/12
Plugin
Version: 1.11
Filename: suse_java-1_4_2-ibm-6757.nasl
Filesize: 5967 bytes
MD5 Hash: 3a3ab0f835a4c11079bd694d76738863
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright © 2010-2012 Tenable Network Security, Inc.