
Test ID:1.3.6.1.4.1.25623.1.0.59262
Category:SuSE Local Security Checks
Title:SuSE Security Advisory SUSE-SA:2007:045 (IBM Java, Sun Java)
Summary:NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2007:045.

Both the IBM and Sun Java environments had several security issues,
which are fixed by upgrading to the current patch levels listed below.

IBM Java JRE/SDK 1.3 was updated to 1.3.1 SR10.
IBM Java JRE/SDK 1.4 was updated to 1.4.2 SR8.
IBM Java JRE/SDK 5 was updated to 5.0 SR3.
Sun Java JRE/SDK 1.3 was updated to 1.3.1_20.
Sun Java JRE/SDK 1.4 was updated to 1.4.2_15.
Sun Java JRE/SDK 1.5.0 was updated to 1.5.0_12.

For IBM Java please also check the web page
http://www-128.ibm.com/developerworks/java/jdk/alerts/
for more details.

For Sun Java please also check the web page
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
for more details.

Affecting both sets of JDKs:
- CVE-2007-0243: A buffer overflow vulnerability in the Java(TM)
Runtime Environment may allow an untrusted applet to elevate its
privileges. For example, an applet may grant itself permissions to
read and write local files or execute local applications that are
accessible to the user running the untrusted applet.

IBM Java specific (fixed already for Sun Java in SUSE-SA:2007:003) problems:
- CVE-2006-6737/CVE-2006-6736: Two vulnerabilities in the Java Runtime
Environment may independently allow an untrusted applet to access
data in other applets.

- CVE-2006-6745: Two vulnerabilities in the serialization support of the
Java(TM) Runtime Environment may independently allow an untrusted
applet or application to elevate its privileges.

Sun Java specific (fixed for IBM Java in later versions):
- CVE-2007-2788 / CVE-2007-3004: An integer overflow in the embedded ICC
profile image parser of the Sun Java Development Kit (JDK) allows
remote attackers to execute arbitrary code or cause a denial of
service (JVM crash) via a crafted JPEG or BMP file.

- CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java
Development Kit (JDK), on Unix/Linux systems, allows remote attackers
to trigger the opening of arbitrary local files via a crafted BMP
file, which causes a denial of service (system hang) in certain
cases such as /dev/tty, and has other unspecified impact.

- CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime
Environment (JRE) allows applets to gain privileges via a GIF image
with a block with a 0 width field, which triggers memory corruption.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:045

Risk factor: Critical

CVSS Score: 9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6736
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
BugTraq ID: 21674
http://www.securityfocus.com/bid/21674
http://security.gentoo.org/glsa/glsa-200701-15.xml
http://security.gentoo.org/glsa/glsa-200702-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml
http://docs.info.apple.com/article.html?artnum=307177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9729
http://www.redhat.com/support/errata/RHSA-2007-0062.html
http://www.redhat.com/support/errata/RHSA-2007-0072.html
http://www.redhat.com/support/errata/RHSA-2007-0073.html
http://securitytracker.com/id?1017427
http://secunia.com/advisories/23398
http://secunia.com/advisories/23650
http://secunia.com/advisories/23835
http://secunia.com/advisories/24099
http://secunia.com/advisories/24189
http://secunia.com/advisories/25404
http://secunia.com/advisories/26049
http://secunia.com/advisories/26119
http://secunia.com/advisories/28115
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
SuSE Security Announcement: SUSE-SA:2007:003
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html
SuSE Security Announcement: SUSE-SA:2007:010
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
SuSE Security Announcement: SUSE-SA:2007:045
http://www.novell.com/linux/security/advisories/2007_45_java.html
http://www.vupen.com/english/advisories/2006/5075
http://www.vupen.com/english/advisories/2007/4224
Common Vulnerability Exposure (CVE) ID: CVE-2006-6737
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087
Common Vulnerability Exposure (CVE) ID: CVE-2006-6745
http://dev2dev.bea.com/pub/advisory/240
BugTraq ID: 21673
http://www.securityfocus.com/bid/21673
Cert/CC Advisory: TA07-022A
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
CERT/CC vulnerability note: VU#102289
http://www.kb.cert.org/vuls/id/102289
HPdes Security Advisory: HPSBUX02196
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
HPdes Security Advisory: SSRT071318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621
http://securitytracker.com/id?1017426
http://secunia.com/advisories/23445
http://secunia.com/advisories/24468
http://secunia.com/advisories/25283
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
http://www.vupen.com/english/advisories/2006/5074
http://www.vupen.com/english/advisories/2007/0936
http://www.vupen.com/english/advisories/2007/1814
Common Vulnerability Exposure (CVE) ID: CVE-2007-0243
http://dev2dev.bea.com/pub/advisory/242
BugTraq ID: 22085
http://www.securityfocus.com/bid/22085
Bugtraq: 20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
http://www.securityfocus.com/archive/1/457159/100/0/threaded
Bugtraq: 20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Proof Of Concept Exploit
http://www.securityfocus.com/archive/1/457638/100/0/threaded
CERT/CC vulnerability note: VU#388289
http://www.kb.cert.org/vuls/id/388289
http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
http://osvdb.org/32834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11073
http://www.redhat.com/support/errata/RHSA-2007-0166.html
http://www.redhat.com/support/errata/RHSA-2007-0167.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://securitytracker.com/id?1017520
http://secunia.com/advisories/23757
http://secunia.com/advisories/24202
http://secunia.com/advisories/24993
http://secunia.com/advisories/26645
http://secunia.com/advisories/27203
http://securityreason.com/securityalert/2158
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
http://www.vupen.com/english/advisories/2007/0211
XForce ISS Database: jre-gif-bo(31537)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31537
Common Vulnerability Exposure (CVE) ID: CVE-2007-2788
http://dev2dev.bea.com/pub/advisory/248
BugTraq ID: 24004
http://www.securityfocus.com/bid/24004
BugTraq ID: 24267
http://www.securityfocus.com/bid/24267
CERT/CC vulnerability note: VU#138545
http://www.kb.cert.org/vuls/id/138545
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://scary.beasts.org/security/CESA-2006-004.html
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2007-1086.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://www.securitytracker.com/id?1018182
http://secunia.com/advisories/25295
http://secunia.com/advisories/25474
http://secunia.com/advisories/25832
http://secunia.com/advisories/26311
http://secunia.com/advisories/26369
http://secunia.com/advisories/26631
http://secunia.com/advisories/26933
http://secunia.com/advisories/27266
http://secunia.com/advisories/28056
http://secunia.com/advisories/28365
http://secunia.com/advisories/29340
http://secunia.com/advisories/29858
http://secunia.com/advisories/30780
http://secunia.com/advisories/30805
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1
SuSE Security Announcement: SUSE-SA:2007:056
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://www.attrition.org/pipermail/vim/2007-July/001696.html
http://www.attrition.org/pipermail/vim/2007-July/001697.html
http://www.attrition.org/pipermail/vim/2007-July/001708.html
http://www.attrition.org/pipermail/vim/2007-December/001862.html
http://www.vupen.com/english/advisories/2007/1836
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2008/0065
XForce ISS Database: sun-java-image-bo(34652)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34652
XForce ISS Database: sunjava-iccprofile-overflow(34318)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34318
Common Vulnerability Exposure (CVE) ID: CVE-2007-2789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800
XForce ISS Database: sun-java-virtual-machine-dos(34654)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34654
XForce ISS Database: sunjava-bmp-dos(34320)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34320
Common Vulnerability Exposure (CVE) ID: CVE-2007-3004
Common Vulnerability Exposure (CVE) ID: CVE-2007-3005
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
