Test ID: 1.3.6.1.4.1.25623.1.0.61132
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0133
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0133.

IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A buffer overflow was found in the Java Runtime Environment image-handling
code. An untrusted applet or application could use this flaw to elevate its
privileges and potentially execute arbitrary code as the user running the
java virtual machine. (CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime
Environment. An untrusted applet or application could cause the java
virtual machine to become unresponsive. (CVE-2007-3005)

A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)

These updated packages also add the following enhancements:

* Time zone information has been updated to the latest available
information, 2007h.

* Accessibility support in AWT can now be disabled through a system
property, java.assistive. To support this change, permission to read this
property must be added to /opt/IBMJava2-131/jre/lib/security/java.policy.
Users of IBMJava2 who have modified this file should add the following
line to the grant section:

permission java.util.PropertyPermission "java.assistive", "read";


All users of IBMJava2 should upgrade to these updated packages, which
contain IBM's 1.3.1 SR11 Java release, which resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0133.html
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-3922
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/248
BugTraq ID: 25054
http://www.securityfocus.com/bid/25054
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
HP Security Advisory: HPSBMA02288
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
HP Security Advisory: SSRT071465
http://docs.info.apple.com/article.html?artnum=307177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://www.securitytracker.com/id?1018428
http://secunia.com/advisories/26314
http://secunia.com/advisories/26369
http://secunia.com/advisories/26631
http://secunia.com/advisories/26645
http://secunia.com/advisories/26933
http://secunia.com/advisories/27266
http://secunia.com/advisories/27635
http://secunia.com/advisories/28115
http://secunia.com/advisories/30805
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
SuSE Security Announcement: SUSE-SA:2007:056
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://www.vupen.com/english/advisories/2007/2573
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2007/3861
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: sun-java-class-unauthorized-access(35491)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35491
Common Vulnerability Exposure (CVE) ID: CVE-2007-3004
Common Vulnerability Exposure (CVE) ID: CVE-2007-3005
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com