Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0829

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58484
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0829
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0829. IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A security vulnerability in the Java Web Start component was discovered. An untrusted application could elevate it's privileges, allowing it to read and write local files that are accessible to the user running the Java Web Start application. (CVE-2007-2435) A buffer overflow in the Java Runtime Environment image handling code was found. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the java virtual machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the java virtual machine to become unresponsive. (CVE-2007-3005) The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503) The Java Web Start URL parsing component contains a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655) A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922) All users of java-ibm-1.5.0 should upgrade to these updated packages, which contain IBM's 1.5.0 SR5a Java release that resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0829.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2435 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://dev2dev.bea.com/pub/advisory/241 BugTraq ID: 23728 http://www.securityfocus.com/bid/23728 http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml http://security.gentoo.org/glsa/glsa-200706-08.xml http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml http://docs.info.apple.com/article.html?artnum=307177 http://osvdb.org/35483 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999 http://www.redhat.com/support/errata/RHSA-2007-0817.html http://www.redhat.com/support/errata/RHSA-2007-0829.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.securitytracker.com/id?1017986 http://secunia.com/advisories/25069 http://secunia.com/advisories/25283 http://secunia.com/advisories/25413 http://secunia.com/advisories/25474 http://secunia.com/advisories/25832 http://secunia.com/advisories/26311 http://secunia.com/advisories/26369 http://secunia.com/advisories/28115 http://secunia.com/advisories/29858 http://secunia.com/advisories/30780 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1 http://www.vupen.com/english/advisories/2007/1598 http://www.vupen.com/english/advisories/2007/1814 http://www.vupen.com/english/advisories/2007/4224 XForce ISS Database: javawebstart-classes-privilege-escalation(33984) https://exchange.xforce.ibmcloud.com/vulnerabilities/33984 Common Vulnerability Exposure (CVE) ID: CVE-2007-2788 http://dev2dev.bea.com/pub/advisory/248 BugTraq ID: 24004 http://www.securityfocus.com/bid/24004 BugTraq ID: 24267 http://www.securityfocus.com/bid/24267 CERT/CC vulnerability note: VU#138545 http://www.kb.cert.org/vuls/id/138545 http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml http://scary.beasts.org/security/CESA-2006-004.html http://lists.vmware.com/pipermail/security-announce/2008/000003.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700 http://www.redhat.com/support/errata/RHSA-2007-0956.html http://www.redhat.com/support/errata/RHSA-2007-1086.html http://www.redhat.com/support/errata/RHSA-2008-0100.html http://www.redhat.com/support/errata/RHSA-2008-0133.html http://www.securitytracker.com/id?1018182 http://secunia.com/advisories/25295 http://secunia.com/advisories/26049 http://secunia.com/advisories/26119 http://secunia.com/advisories/26631 http://secunia.com/advisories/26645 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27266 http://secunia.com/advisories/28056 http://secunia.com/advisories/28365 http://secunia.com/advisories/29340 http://secunia.com/advisories/30805 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1 SuSE Security Announcement: SUSE-SA:2007:045 (Google Search) http://www.novell.com/linux/security/advisories/2007_45_java.html SuSE Security Announcement: SUSE-SA:2007:056 (Google Search) http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html http://www.attrition.org/pipermail/vim/2007-July/001696.html http://www.attrition.org/pipermail/vim/2007-July/001697.html http://www.attrition.org/pipermail/vim/2007-July/001708.html http://www.attrition.org/pipermail/vim/2007-December/001862.html http://www.vupen.com/english/advisories/2007/1836 http://www.vupen.com/english/advisories/2007/3009 http://www.vupen.com/english/advisories/2008/0065 XForce ISS Database: sun-java-image-bo(34652) https://exchange.xforce.ibmcloud.com/vulnerabilities/34652 XForce ISS Database: sunjava-iccprofile-overflow(34318) https://exchange.xforce.ibmcloud.com/vulnerabilities/34318 Common Vulnerability Exposure (CVE) ID: CVE-2007-2789 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800 XForce ISS Database: sun-java-virtual-machine-dos(34654) https://exchange.xforce.ibmcloud.com/vulnerabilities/34654 XForce ISS Database: sunjava-bmp-dos(34320) https://exchange.xforce.ibmcloud.com/vulnerabilities/34320 Common Vulnerability Exposure (CVE) ID: CVE-2007-3004 Common Vulnerability Exposure (CVE) ID: CVE-2007-3005 Common Vulnerability Exposure (CVE) ID: CVE-2007-3503 BugTraq ID: 24690 http://www.securityfocus.com/bid/24690 http://osvdb.org/36488 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704 http://www.redhat.com/support/errata/RHSA-2007-0818.html http://www.securitytracker.com/id?1018327 http://secunia.com/advisories/25769 http://secunia.com/advisories/26314 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1 http://www.vupen.com/english/advisories/2007/2383 XForce ISS Database: sun-jdk-javadoc-xss(35168) https://exchange.xforce.ibmcloud.com/vulnerabilities/35168 Common Vulnerability Exposure (CVE) ID: CVE-2007-3655 BugTraq ID: 24832 http://www.securityfocus.com/bid/24832 Bugtraq: 20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/473224/100/0/threaded Bugtraq: 20070711 SUN Java JNLP Overflow (Google Search) http://www.securityfocus.com/archive/1/473356/100/0/threaded http://www.exploit-db.com/exploits/30284 http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html http://research.eeye.com/html/advisories/published/AD20070705.html http://osvdb.org/37756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367 http://www.securitytracker.com/id?1018346 http://secunia.com/advisories/25981 http://securityreason.com/securityalert/2874 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1 http://www.vupen.com/english/advisories/2007/2477 XForce ISS Database: sun-java-jnlp-bo(35320) https://exchange.xforce.ibmcloud.com/vulnerabilities/35320 Common Vulnerability Exposure (CVE) ID: CVE-2007-3922 BugTraq ID: 25054 http://www.securityfocus.com/bid/25054 HPdes Security Advisory: HPSBMA02288 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 HPdes Security Advisory: SSRT071465 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387 http://www.securitytracker.com/id?1018428 http://secunia.com/advisories/27635 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 http://www.vupen.com/english/advisories/2007/2573 http://www.vupen.com/english/advisories/2007/3861 XForce ISS Database: sun-java-class-unauthorized-access(35491) https://exchange.xforce.ibmcloud.com/vulnerabilities/35491
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com