Debian DSA-2507-1 : openjdk-6 - several vulnerabilities

NASLDB: Debian DSA-2507-1 : openjdk-6 - several vulnerabilities

General

ID: 59839
Name: Debian DSA-2507-1 : openjdk-6 – several vulnerabilities

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform.

– CVE-2012-1711 CVE-2012-1719
Multiple errors in the CORBA implementation could lead
to breakouts of the Java sandbox.

– CVE-2012-1713
Missing input sanitising in the font manager could lead
to the execution of arbitrary code.

– CVE-2012-1716
The SynthLookAndFeel Swing class could be abused to
break out of the Java sandbox.

– CVE-2012-1717
Several temporary files were created insecurely,
resulting in local information disclosure.

– CVE-2012-1718
Certificate revocation lists were incorrectly
implemented.

– CVE-2012-1723 CVE-2012-1725
Validation errors in the bytecode verifier of the
Hotspot VM could lead to breakouts of the Java sandbox.

– CVE-2012-1724
Missing input sanitising in the XML parser could lead to
denial of service through an infinite loop.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2012-1711
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/07/04
Plugin Release: 2012/07/05

Plugin

Version: 1.6
Filename: debian_DSA-2507.nasl
Filesize: 5124 bytes
MD5 Hash: a16c49c740f499ca9bb8ff82b1a1103e

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG