English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75803 CVE descriptions
and 40037 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61925
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0955
Summary:Redhat Security Advisory RHSA-2008:0955
Description:
The remote host is missing updates announced in
advisory RHSA-2008:0955.

IBM's 1.4.2 SR12 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

Two file processing vulnerabilities in Java Web Start were found. Using an
untrusted Java Web Start application, a remote attacker was able to create
or delete arbitrary files with the permissions of the user running the
untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain IBM's 1.4.2 SR12 Java release which resolves these
issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0955.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3104
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search)
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search)
http://www.securityfocus.com/archive/1/archive/1/497041/100/0/threaded
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://www.redhat.com/support/errata/RHSA-2008-0594.html
http://www.redhat.com/support/errata/RHSA-2008-0595.html
http://www.redhat.com/support/errata/RHSA-2008-0790.html
RedHat Security Advisories: RHSA-2008:0955
http://rhn.redhat.com/errata/RHSA-2008-0955.html
http://www.redhat.com/support/errata/RHSA-2008-1043.html
http://www.redhat.com/support/errata/RHSA-2008-1044.html
http://www.redhat.com/support/errata/RHSA-2008-1045.html
http://www.redhat.com/support/errata/RHSA-2008-0906.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
SuSE Security Announcement: SUSE-SA:2008:042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
SuSE Security Announcement: SUSE-SA:2008:043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:045 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Cert/CC Advisory: TA08-193A
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
BugTraq ID: 30140
http://www.securityfocus.com/bid/30140
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9565
http://secunia.com/advisories/35065
http://secunia.com/advisories/37386
http://secunia.com/advisories/31736
http://www.vupen.com/english/advisories/2008/2056/references
http://www.vupen.com/english/advisories/2008/2740
http://www.securitytracker.com/id?1020459
http://secunia.com/advisories/31010
http://secunia.com/advisories/31055
http://secunia.com/advisories/31269
http://secunia.com/advisories/31320
http://secunia.com/advisories/31497
http://secunia.com/advisories/31600
http://secunia.com/advisories/32018
http://secunia.com/advisories/32180
http://secunia.com/advisories/32179
http://secunia.com/advisories/32436
http://secunia.com/advisories/32826
http://secunia.com/advisories/33236
http://secunia.com/advisories/33237
http://secunia.com/advisories/33238
http://secunia.com/advisories/33194
XForce ISS Database: sun-jre-unspecified-security-bypass(43662)
http://xforce.iss.net/xforce/xfdb/43662
Common Vulnerability Exposure (CVE) ID: CVE-2008-3112
http://www.zerodayinitiative.com/advisories/ZDI-08-042/
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
BugTraq ID: 30148
http://www.securityfocus.com/bid/30148
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11102
http://www.securitytracker.com/id?1020452
XForce ISS Database: sun-javawebstart-file-create(43666)
http://xforce.iss.net/xforce/xfdb/43666
Common Vulnerability Exposure (CVE) ID: CVE-2008-3113
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10454
XForce ISS Database: sun-javawebstart-file-manipulation(43667)
http://xforce.iss.net/xforce/xfdb/43667
Common Vulnerability Exposure (CVE) ID: CVE-2008-3114
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9755
XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668)
http://xforce.iss.net/xforce/xfdb/43668
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.