Conectiva Local Security Checks : Conectiva Security Advisory CLSA-2005:977 (sun-jre)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55069

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLSA-2005:977 (sun-jre)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLSA-2005:977.

1. CVE-2005-0836
Jouko Pynnonen reported a vulnerability in Java
Web Start which allows applications to escape the
java sandbox and thus obtain higher privileges,
such as being able to read and write to local files
and execute other programs.

2. CVE-2005-1974
Adam Gowdiak reported a vulnerability in the JRE
where an untrusted appled may elevate its privileges.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000977
http://www.javasoft.com
http://marc.theaimsgroup.com/?l=full-disclosure&m=111117284323657&w=2

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0836
BugTraq ID: 12847
http://www.securityfocus.com/bid/12847
http://marc.info/?l=full-disclosure&m=111117284323657&w=2
http://www.gentoo.org/security/en/glsa/glsa-200503-28.xml
http://jouko.iki.fi/adv/ws.html
http://secunia.com/advisories/14640
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000200.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200255-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1
SuSE Security Announcement: SUSE-SA:2005:032 (Google Search)
http://www.novell.com/linux/security/advisories/2005_32_java2.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-1974
BugTraq ID: 13958
http://www.securityfocus.com/bid/13958
HPdes Security Advisory: HPSBMA01234
http://marc.info/?l=bugtraq&m=112992075412844&w=2
HPdes Security Advisory: HPSBUX01215
http://marc.info/?l=bugtraq&m=112861772130119&w=2
HPdes Security Advisory: SSRT051004
HPdes Security Advisory: SSRT051052
http://securitytracker.com/id?1015643
http://secunia.com/advisories/17272
http://securityreason.com/securityalert/56
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1
http://www.vupen.com/english/advisories/2005/2150

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55069
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLSA-2005:977 (sun-jre)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLSA-2005:977. 1. CVE-2005-0836 Jouko Pynnonen reported a vulnerability in Java Web Start which allows applications to escape the java sandbox and thus obtain higher privileges, such as being able to read and write to local files and execute other programs. 2. CVE-2005-1974 Adam Gowdiak reported a vulnerability in the JRE where an untrusted appled may elevate its privileges. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000977 http://www.javasoft.com http://marc.theaimsgroup.com/?l=full-disclosure&m=111117284323657&w=2 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0836 BugTraq ID: 12847 http://www.securityfocus.com/bid/12847 http://marc.info/?l=full-disclosure&m=111117284323657&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-28.xml http://jouko.iki.fi/adv/ws.html http://secunia.com/advisories/14640 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000200.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200255-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1 SuSE Security Announcement: SUSE-SA:2005:032 (Google Search) http://www.novell.com/linux/security/advisories/2005_32_java2.html Common Vulnerability Exposure (CVE) ID: CVE-2005-1974 BugTraq ID: 13958 http://www.securityfocus.com/bid/13958 HPdes Security Advisory: HPSBMA01234 http://marc.info/?l=bugtraq&m=112992075412844&w=2 HPdes Security Advisory: HPSBUX01215 http://marc.info/?l=bugtraq&m=112861772130119&w=2 HPdes Security Advisory: SSRT051004 HPdes Security Advisory: SSRT051052 http://securitytracker.com/id?1015643 http://secunia.com/advisories/17272 http://securityreason.com/securityalert/56 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1 http://www.vupen.com/english/advisories/2005/2150
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com