Test ID: 1.3.6.1.4.1.25623.1.0.58484
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0829
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0829.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A security vulnerability in the Java Web Start component was discovered. An
untrusted application could elevate its privileges, allowing it to read
and write local files that are accessible to the user running the Java Web
Start application. (CVE-2007-2435)

A buffer overflow in the Java Runtime Environment image handling code was
found. An untrusted applet or application could use this flaw to elevate
its privileges and potentially execute arbitrary code as the user running
the java virtual machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime
Environment. An untrusted applet or application could cause the java
virtual machine to become unresponsive. (CVE-2007-3005)

The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contains a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)

A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting
to services hosted on the machine that executed the applet. (CVE-2007-3922)

All users of java-ibm-1.5.0 should upgrade to these updated packages, which
contain IBM's 1.5.0 SR5a Java release that resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0829.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor: Critical

CVSS Score:
10.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-2435
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/241
BugTraq ID: 23728
http://www.securityfocus.com/bid/23728
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://docs.info.apple.com/article.html?artnum=307177
http://osvdb.org/35483
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securitytracker.com/id?1017986
http://secunia.com/advisories/25069
http://secunia.com/advisories/25283
http://secunia.com/advisories/25413
http://secunia.com/advisories/25474
http://secunia.com/advisories/25832
http://secunia.com/advisories/26311
http://secunia.com/advisories/26369
http://secunia.com/advisories/28115
http://secunia.com/advisories/29858
http://secunia.com/advisories/30780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
http://www.vupen.com/english/advisories/2007/1598
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: javawebstart-classes-privilege-escalation(33984)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
Common Vulnerability Exposure (CVE) ID: CVE-2007-2788
http://dev2dev.bea.com/pub/advisory/248
BugTraq ID: 24004
http://www.securityfocus.com/bid/24004
BugTraq ID: 24267
http://www.securityfocus.com/bid/24267
CERT/CC vulnerability note: VU#138545
http://www.kb.cert.org/vuls/id/138545
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
http://scary.beasts.org/security/CESA-2006-004.html
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.redhat.com/support/errata/RHSA-2007-1086.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://www.securitytracker.com/id?1018182
http://secunia.com/advisories/25295
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://secunia.com/advisories/26631
http://secunia.com/advisories/26645
http://secunia.com/advisories/26933
http://secunia.com/advisories/27203
http://secunia.com/advisories/27266
http://secunia.com/advisories/28056
http://secunia.com/advisories/28365
http://secunia.com/advisories/29340
http://secunia.com/advisories/30805
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1
SuSE Security Announcement: SUSE-SA:2007:045
http://www.novell.com/linux/security/advisories/2007_45_java.html
SuSE Security Announcement: SUSE-SA:2007:056
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://www.attrition.org/pipermail/vim/2007-July/001696.html
http://www.attrition.org/pipermail/vim/2007-July/001697.html
http://www.attrition.org/pipermail/vim/2007-July/001708.html
http://www.attrition.org/pipermail/vim/2007-December/001862.html
http://www.vupen.com/english/advisories/2007/1836
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2008/0065
XForce ISS Database: sun-java-image-bo(34652)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34652
XForce ISS Database: sunjava-iccprofile-overflow(34318)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34318
Common Vulnerability Exposure (CVE) ID: CVE-2007-2789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800
XForce ISS Database: sun-java-virtual-machine-dos(34654)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34654
XForce ISS Database: sunjava-bmp-dos(34320)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34320
Common Vulnerability Exposure (CVE) ID: CVE-2007-3004
Common Vulnerability Exposure (CVE) ID: CVE-2007-3005
Common Vulnerability Exposure (CVE) ID: CVE-2007-3503
BugTraq ID: 24690
http://www.securityfocus.com/bid/24690
http://osvdb.org/36488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.securitytracker.com/id?1018327
http://secunia.com/advisories/25769
http://secunia.com/advisories/26314
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1
http://www.vupen.com/english/advisories/2007/2383
XForce ISS Database: sun-jdk-javadoc-xss(35168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35168
Common Vulnerability Exposure (CVE) ID: CVE-2007-3655
BugTraq ID: 24832
http://www.securityfocus.com/bid/24832
Bugtraq: 20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/473224/100/0/threaded
Bugtraq: 20070711 SUN Java JNLP Overflow
http://www.securityfocus.com/archive/1/473356/100/0/threaded
http://www.exploit-db.com/exploits/30284
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html
http://research.eeye.com/html/advisories/published/AD20070705.html
http://osvdb.org/37756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367
http://www.securitytracker.com/id?1018346
http://secunia.com/advisories/25981
http://securityreason.com/securityalert/2874
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
http://www.vupen.com/english/advisories/2007/2477
XForce ISS Database: sun-java-jnlp-bo(35320)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35320
Common Vulnerability Exposure (CVE) ID: CVE-2007-3922
BugTraq ID: 25054
http://www.securityfocus.com/bid/25054
HPdes Security Advisory: HPSBMA02288
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
HPdes Security Advisory: SSRT071465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387
http://www.securitytracker.com/id?1018428
http://secunia.com/advisories/27635
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
http://www.vupen.com/english/advisories/2007/2573
http://www.vupen.com/english/advisories/2007/3861
XForce ISS Database: sun-java-class-unauthorized-access(35491)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35491
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

© 1998-2021 E-Soft Inc. All rights reserved.