Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200411-38 (Java)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.54759

Kategorie: Gentoo Local Security Checks

Titel: Gentoo Security Advisory GLSA 200411-38 (Java)

Zusammenfassung: The remote host is missing updates announced in;advisory GLSA 200411-38.

Beschreibung: Summary:
The remote host is missing updates announced in
advisory GLSA 200411-38.

Vulnerability Insight:
The Java plug-in security in Sun and Blackdown Java environments can be
bypassed to access arbitrary packages, allowing untrusted Java applets to
perform unrestricted actions on the host system.

Solution:
All Sun JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.06'

All Sun JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.06'

All Blackdown JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.01'

All Blackdown JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.01'

Note: You should unmerge all vulnerable versions to be fully protected.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-1029
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
BugTraq ID: 12317
http://www.securityfocus.com/bid/12317
CERT/CC vulnerability note: VU#760344
http://www.kb.cert.org/vuls/id/760344
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
http://jouko.iki.fi/adv/javaplugin.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
http://secunia.com/advisories/13271
http://secunia.com/advisories/29035
http://securityreason.com/securityalert/61
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
http://www.vupen.com/english/advisories/2008/0599
XForce ISS Database: sdk-jre-applet-restriction-bypass(18188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.54759
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200411-38 (Java)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200411-38.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200411-38. Vulnerability Insight: The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system. Solution: All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.06' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.06' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.01' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.01' Note: You should unmerge all vulnerable versions to be fully protected. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1029 http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html BugTraq ID: 12317 http://www.securityfocus.com/bid/12317 CERT/CC vulnerability note: VU#760344 http://www.kb.cert.org/vuls/id/760344 http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities http://jouko.iki.fi/adv/javaplugin.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 http://www.vupen.com/english/advisories/2008/0599 XForce ISS Database: sdk-jre-applet-restriction-bypass(18188) https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Copyright	Copyright (C) 2008 E-Soft Inc.