Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200411-38 (Java)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54759

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200411-38 (Java)

Resumen: The remote host is missing updates announced in;advisory GLSA 200411-38.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200411-38.

Vulnerability Insight:
The Java plug-in security in Sun and Blackdown Java environments can be
bypassed to access arbitrary packages, allowing untrusted Java applets to
perform unrestricted actions on the host system.

Solution:
All Sun JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.06'

All Sun JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.06'

All Blackdown JDK users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.01'

All Blackdown JRE users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.01'

Note: You should unmerge all vulnerable versions to be fully protected.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1029
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
BugTraq ID: 12317
http://www.securityfocus.com/bid/12317
CERT/CC vulnerability note: VU#760344
http://www.kb.cert.org/vuls/id/760344
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
http://jouko.iki.fi/adv/javaplugin.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
http://secunia.com/advisories/13271
http://secunia.com/advisories/29035
http://securityreason.com/securityalert/61
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
http://www.vupen.com/english/advisories/2008/0599
XForce ISS Database: sdk-jre-applet-restriction-bypass(18188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54759
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200411-38 (Java)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200411-38.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200411-38. Vulnerability Insight: The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system. Solution: All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.06' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.06' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.01' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.01' Note: You should unmerge all vulnerable versions to be fully protected. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1029 http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html BugTraq ID: 12317 http://www.securityfocus.com/bid/12317 CERT/CC vulnerability note: VU#760344 http://www.kb.cert.org/vuls/id/760344 http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities http://jouko.iki.fi/adv/javaplugin.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 http://www.vupen.com/english/advisories/2008/0599 XForce ISS Database: sdk-jre-applet-restriction-bypass(18188) https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Copyright	Copyright (C) 2008 E-Soft Inc.