Test ID:	1.3.6.1.4.1.25623.1.0.61925
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0955
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0955. IBM's 1.4.2 SR12 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) Two file processing vulnerabilities in Java Web Start were found. Using an untrusted Java Web Start application, a remote attacker was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain IBM's 1.4.2 SR12 Java release which resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0955.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3104 http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html BugTraq ID: 30140 http://www.securityfocus.com/bid/30140 Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search) http://marc.info/?l=bugtraq&m=122331139823057&w=2 Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search) http://www.securityfocus.com/archive/1/497041/100/0/threaded Cert/CC Advisory: TA08-193A http://www.us-cert.gov/cas/techalerts/TA08-193A.html http://security.gentoo.org/glsa/glsa-200911-02.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565 http://www.redhat.com/support/errata/RHSA-2008-0594.html http://www.redhat.com/support/errata/RHSA-2008-0595.html http://www.redhat.com/support/errata/RHSA-2008-0790.html http://www.redhat.com/support/errata/RHSA-2008-0906.html RedHat Security Advisories: RHSA-2008:0955 http://rhn.redhat.com/errata/RHSA-2008-0955.html http://www.redhat.com/support/errata/RHSA-2008-1043.html http://www.redhat.com/support/errata/RHSA-2008-1044.html http://www.redhat.com/support/errata/RHSA-2008-1045.html http://www.securitytracker.com/id?1020459 http://secunia.com/advisories/31010 http://secunia.com/advisories/31055 http://secunia.com/advisories/31269 http://secunia.com/advisories/31320 http://secunia.com/advisories/31497 http://secunia.com/advisories/31600 http://secunia.com/advisories/31736 http://secunia.com/advisories/32018 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://secunia.com/advisories/32436 http://secunia.com/advisories/32826 http://secunia.com/advisories/33194 http://secunia.com/advisories/33236 http://secunia.com/advisories/33237 http://secunia.com/advisories/33238 http://secunia.com/advisories/35065 http://secunia.com/advisories/37386 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1 SuSE Security Announcement: SUSE-SA:2008:042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html SuSE Security Announcement: SUSE-SA:2008:043 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html SuSE Security Announcement: SUSE-SA:2008:045 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html SuSE Security Announcement: SUSE-SR:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://www.vupen.com/english/advisories/2008/2056/references http://www.vupen.com/english/advisories/2008/2740 XForce ISS Database: sun-jre-unspecified-security-bypass(43662) https://exchange.xforce.ibmcloud.com/vulnerabilities/43662 Common Vulnerability Exposure (CVE) ID: CVE-2008-3112 BugTraq ID: 30148 http://www.securityfocus.com/bid/30148 http://www.zerodayinitiative.com/advisories/ZDI-08-042/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102 http://www.securitytracker.com/id?1020452 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 XForce ISS Database: sun-javawebstart-file-create(43666) https://exchange.xforce.ibmcloud.com/vulnerabilities/43666 Common Vulnerability Exposure (CVE) ID: CVE-2008-3113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454 XForce ISS Database: sun-javawebstart-file-manipulation(43667) https://exchange.xforce.ibmcloud.com/vulnerabilities/43667 Common Vulnerability Exposure (CVE) ID: CVE-2008-3114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755 XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668) https://exchange.xforce.ibmcloud.com/vulnerabilities/43668
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.