English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57995
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0072
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0072.

IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.

Vulnerabilities were discovered in the Java Runtime Environment. An
untrusted applet could use these vulnerabilities to access data from other
applets. (CVE-2006-6736, CVE-2006-6737)

Buffer overflow vulnerabilities were discovered in the Java Runtime
Environment. An untrusted applet could use these flaws to elevate its
privileges, possibly reading and writing local files or executing local
applications. (CVE-2006-6731)

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures.
Where an RSA key with exponent 3 is used it may be possible for an attacker
to forge a PKCS #1 v1.5 signature that would be incorrectly verified by
implementations that do not check for excess data in the RSA exponentiation
result of the signature. (CVE-2006-4339)

All users of IBMJava2 should upgrade to these updated packages, which
contain IBM's 1.3.1 SR10a Java release which resolves these issues.

Please note that the packages in this erratum are the same as those we
released on January 24th 2007 with advisories RHBA-2007:0023 and
RHEA-2007:0024. We have issued this security update as these previous
advisories did not specify that they fixed critical security issues. If
you have already updated to those versions of IBMJava you will not need to
apply this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0072.html
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4339
1000148
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
1016791
http://securitytracker.com/id?1016791
1017522
http://securitytracker.com/id?1017522
102648
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
102656
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
102657
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
102686
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
102696
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
102722
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
102744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
102759
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
19849
http://www.securityfocus.com/bid/19849
20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
20060905 rPSA-2006-0163-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/445231/100/0/threaded
20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
http://www.securityfocus.com/archive/1/445822/100/0/threaded
20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/456546/100/200/threaded
200708
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/489739/100/0/threaded
201247
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
201534
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
21709
http://secunia.com/advisories/21709
21767
http://secunia.com/advisories/21767
21776
http://secunia.com/advisories/21776
21778
http://secunia.com/advisories/21778
21785
http://secunia.com/advisories/21785
21791
http://secunia.com/advisories/21791
21812
http://secunia.com/advisories/21812
21823
http://secunia.com/advisories/21823
21846
http://secunia.com/advisories/21846
21852
http://secunia.com/advisories/21852
21870
http://secunia.com/advisories/21870
21873
http://secunia.com/advisories/21873
21906
http://secunia.com/advisories/21906
21927
http://secunia.com/advisories/21927
21930
http://secunia.com/advisories/21930
21982
http://secunia.com/advisories/21982
22036
http://secunia.com/advisories/22036
22044
http://secunia.com/advisories/22044
22066
http://secunia.com/advisories/22066
22083
http://www.securityfocus.com/bid/22083
22161
http://secunia.com/advisories/22161
22226
http://secunia.com/advisories/22226
22232
http://secunia.com/advisories/22232
22259
http://secunia.com/advisories/22259
22260
http://secunia.com/advisories/22260
22284
http://secunia.com/advisories/22284
22325
http://secunia.com/advisories/22325
22446
http://secunia.com/advisories/22446
22509
http://secunia.com/advisories/22509
22513
http://secunia.com/advisories/22513
22523
http://secunia.com/advisories/22523
22545
http://secunia.com/advisories/22545
22585
http://secunia.com/advisories/22585
22671
http://secunia.com/advisories/22671
22689
http://secunia.com/advisories/22689
22711
http://secunia.com/advisories/22711
22733
http://secunia.com/advisories/22733
22758
http://secunia.com/advisories/22758
22799
http://secunia.com/advisories/22799
22932
http://secunia.com/advisories/22932
22934
http://secunia.com/advisories/22934
22936
http://secunia.com/advisories/22936
22937
http://secunia.com/advisories/22937
22938
http://secunia.com/advisories/22938
22939
http://secunia.com/advisories/22939
22940
http://secunia.com/advisories/22940
22948
http://secunia.com/advisories/22948
22949
http://secunia.com/advisories/22949
23155
http://secunia.com/advisories/23155
23455
http://secunia.com/advisories/23455
23680
http://secunia.com/advisories/23680
23794
http://secunia.com/advisories/23794
23841
http://secunia.com/advisories/23841
23915
http://secunia.com/advisories/23915
24099
http://secunia.com/advisories/24099
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25284
http://secunia.com/advisories/25284
25399
http://secunia.com/advisories/25399
25649
http://secunia.com/advisories/25649
26329
http://secunia.com/advisories/26329
26893
http://secunia.com/advisories/26893
28115
http://secunia.com/advisories/28115
28276
http://www.securityfocus.com/bid/28276
28549
http://www.osvdb.org/28549
31492
http://secunia.com/advisories/31492
38567
http://secunia.com/advisories/38567
38568
http://secunia.com/advisories/38568
41818
http://secunia.com/advisories/41818
60799
http://secunia.com/advisories/60799
ADV-2006-3453
http://www.vupen.com/english/advisories/2006/3453
ADV-2006-3566
http://www.vupen.com/english/advisories/2006/3566
ADV-2006-3730
http://www.vupen.com/english/advisories/2006/3730
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2006-3793
http://www.vupen.com/english/advisories/2006/3793
ADV-2006-3899
http://www.vupen.com/english/advisories/2006/3899
ADV-2006-3936
http://www.vupen.com/english/advisories/2006/3936
ADV-2006-4205
http://www.vupen.com/english/advisories/2006/4205
ADV-2006-4206
http://www.vupen.com/english/advisories/2006/4206
ADV-2006-4207
http://www.vupen.com/english/advisories/2006/4207
ADV-2006-4216
http://www.vupen.com/english/advisories/2006/4216
ADV-2006-4327
http://www.vupen.com/english/advisories/2006/4327
ADV-2006-4329
http://www.vupen.com/english/advisories/2006/4329
ADV-2006-4366
http://www.vupen.com/english/advisories/2006/4366
ADV-2006-4417
http://www.vupen.com/english/advisories/2006/4417
ADV-2006-4586
http://www.vupen.com/english/advisories/2006/4586
ADV-2006-4744
http://www.vupen.com/english/advisories/2006/4744
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2006-5146
http://www.vupen.com/english/advisories/2006/5146
ADV-2007-0254
http://www.vupen.com/english/advisories/2007/0254
ADV-2007-0343
http://www.vupen.com/english/advisories/2007/0343
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-1815
http://www.vupen.com/english/advisories/2007/1815
ADV-2007-1945
http://www.vupen.com/english/advisories/2007/1945
ADV-2007-2163
http://www.vupen.com/english/advisories/2007/2163
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
ADV-2007-2783
http://www.vupen.com/english/advisories/2007/2783
ADV-2007-4224
http://www.vupen.com/english/advisories/2007/4224
ADV-2008-0905
http://www.vupen.com/english/advisories/2008/0905/references
ADV-2010-0366
http://www.vupen.com/english/advisories/2010/0366
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
APPLE-SA-2007-12-14
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
BEA07-169.00
http://dev2dev.bea.com/pub/advisory/238
DSA-1173
http://www.us.debian.org/security/2006/dsa-1173
DSA-1174
http://www.debian.org/security/2006/dsa-1174
FreeBSD-SA-06:19
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
GLSA-200609-05
http://security.gentoo.org/glsa/glsa-200609-05.xml
GLSA-200609-18
http://security.gentoo.org/glsa/glsa-200609-18.xml
GLSA-200610-06
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
GLSA-201408-19
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPSBUX02165
http://www.securityfocus.com/archive/1/450327/100/0/threaded
HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
HPSBUX02219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
JVN#51615542
http://jvn.jp/en/jp/JVN51615542/index.html
JVNDB-2012-000079
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
MDKSA-2006:161
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
MDKSA-2006:207
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
OpenPKG-SA-2006.018
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
OpenPKG-SA-2006.029
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html
RHSA-2006:0661
http://www.redhat.com/support/errata/RHSA-2006-0661.html
RHSA-2007:0062
http://www.redhat.com/support/errata/RHSA-2007-0062.html
RHSA-2007:0072
http://www.redhat.com/support/errata/RHSA-2007-0072.html
RHSA-2007:0073
http://www.redhat.com/support/errata/RHSA-2007-0073.html
RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SSA:2006-257-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
SSA:2006-310-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
SSRT061181
SSRT061213
SSRT061239
SSRT061266
SSRT061273
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
SUSE-SA:2006:061
http://www.novell.com/linux/security/advisories/2006_61_opera.html
SUSE-SA:2007:010
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
SUSE-SR:2006:026
http://www.novell.com/linux/security/advisories/2006_26_sr.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-339-1
http://www.ubuntu.com/usn/usn-339-1
VU#845620
http://www.kb.cert.org/vuls/id/845620
[3.9] 20060908 011: SECURITY FIX: September 8, 2006
http://www.openbsd.org/errata.html
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
http://marc.info/?l=bind-announce&m=116253119512445&w=2
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://docs.info.apple.com/article.html?artnum=307177
http://openvpn.net/changelog.html
http://support.attachmate.com/techdocs/2127.html
http://support.attachmate.com/techdocs/2128.html
http://support.attachmate.com/techdocs/2137.html
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openssl.org/news/secadv_20060905.txt
http://www.opera.com/support/search/supsearch.dml?index=845
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.serv-u.com/releasenotes/
http://www.sybase.com/detail?id=1047991
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://issues.rpath.com/browse/RPL-1633
https://issues.rpath.com/browse/RPL-616
https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
openssl-rsa-security-bypass(28755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28755
oval:org.mitre.oval:def:11656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
Common Vulnerability Exposure (CVE) ID: CVE-2006-6731
http://dev2dev.bea.com/pub/advisory/243
BugTraq ID: 21675
http://www.securityfocus.com/bid/21675
Cert/CC Advisory: TA07-022A
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
CERT/CC vulnerability note: VU#149457
http://www.kb.cert.org/vuls/id/149457
CERT/CC vulnerability note: VU#939609
http://www.kb.cert.org/vuls/id/939609
http://security.gentoo.org/glsa/glsa-200701-15.xml
http://security.gentoo.org/glsa/glsa-200702-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml
HPdes Security Advisory: HPSBUX02196
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
HPdes Security Advisory: SSRT071318
http://scary.beasts.org/security/CESA-2005-008.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10134
http://securitytracker.com/id?1017425
http://secunia.com/advisories/23445
http://secunia.com/advisories/23650
http://secunia.com/advisories/23835
http://secunia.com/advisories/24189
http://secunia.com/advisories/24468
http://secunia.com/advisories/25283
http://secunia.com/advisories/25404
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
SuSE Security Announcement: SUSE-SA:2007:003 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html
SuSE Security Announcement: SUSE-SA:2007:010 (Google Search)
http://www.vupen.com/english/advisories/2006/5073
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
Common Vulnerability Exposure (CVE) ID: CVE-2006-6736
BugTraq ID: 21674
http://www.securityfocus.com/bid/21674
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729
http://securitytracker.com/id?1017427
http://secunia.com/advisories/23398
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
SuSE Security Announcement: SUSE-SA:2007:045 (Google Search)
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://www.vupen.com/english/advisories/2006/5075
Common Vulnerability Exposure (CVE) ID: CVE-2006-6737
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.