Test ID: 1.3.6.1.4.1.25623.1.0.60735
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0210
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0210.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

Two vulnerabilities in the Java Runtime Environment allowed an untrusted
application or applet to elevate the assigned privileges. This could be
misused by a malicious website to read and write local files or execute
local applications in the context of the user running the Java process.
(CVE-2008-0657)

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use these
flaws to access local network services. (CVE-2008-1195)

All users of java-ibm-1.5.0 are advised to upgrade to these updated
packages, which contain IBM's 1.5.0 SR7 Java release that resolves these
issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0210.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-0657
http://dev2dev.bea.com/pub/advisory/277
BugTraq ID: 27650
http://www.securityfocus.com/bid/27650
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505
http://www.redhat.com/support/errata/RHSA-2008-0123.html
http://www.redhat.com/support/errata/RHSA-2008-0156.html
http://www.redhat.com/support/errata/RHSA-2008-0210.html
http://www.securitytracker.com/id?1019308
http://secunia.com/advisories/28795
http://secunia.com/advisories/28888
http://secunia.com/advisories/29214
http://secunia.com/advisories/29498
http://secunia.com/advisories/29841
http://secunia.com/advisories/29858
http://secunia.com/advisories/29897
http://secunia.com/advisories/30676
http://secunia.com/advisories/30780
http://secunia.com/advisories/31497
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1
SuSE Security Announcement: SUSE-SA:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://www.vupen.com/english/advisories/2008/0429
http://www.vupen.com/english/advisories/2008/1252
http://www.vupen.com/english/advisories/2008/1856/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-1187
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
Cert/CC Advisory: TA08-066A
http://www.us-cert.gov/cas/techalerts/TA08-066A.html
http://jvn.jp/en/jp/JVN04032535/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278
http://www.redhat.com/support/errata/RHSA-2008-0186.html
http://www.redhat.com/support/errata/RHSA-2008-0243.html
http://www.redhat.com/support/errata/RHSA-2008-0244.html
http://www.redhat.com/support/errata/RHSA-2008-0245.html
http://www.redhat.com/support/errata/RHSA-2008-0267.html
http://www.redhat.com/support/errata/RHSA-2008-0555.html
http://www.securitytracker.com/id?1019548
http://secunia.com/advisories/29239
http://secunia.com/advisories/29273
http://secunia.com/advisories/29582
http://secunia.com/advisories/29999
http://secunia.com/advisories/30003
http://secunia.com/advisories/31067
http://secunia.com/advisories/31580
http://secunia.com/advisories/31586
http://secunia.com/advisories/32018
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1
SuSE Security Announcement: SUSE-SA:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html
http://www.vupen.com/english/advisories/2008/0770/references
XForce ISS Database: java-virtualmachine-multiple-priv-escalation(41025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41025
Common Vulnerability Exposure (CVE) ID: CVE-2008-1188
http://www.zerodayinitiative.com/advisories/ZDI-08-009/
http://www.zerodayinitiative.com/advisories/ZDI-08-010/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209
http://www.securitytracker.com/id?1019549
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1
XForce ISS Database: javawebstart-application-priv-escalation(41029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41029
XForce ISS Database: javawebstart-multiple-unspecified-bo(41133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41133
Common Vulnerability Exposure (CVE) ID: CVE-2008-1189
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9582
XForce ISS Database: javawebstart-unspecified-bo(41135)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41135
Common Vulnerability Exposure (CVE) ID: CVE-2008-1190
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9914
Common Vulnerability Exposure (CVE) ID: CVE-2008-1192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813
http://www.securitytracker.com/id?1019550
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1
XForce ISS Database: java-plugin-unspecified-security-bypass(41031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41031
Common Vulnerability Exposure (CVE) ID: CVE-2008-1193
BugTraq ID: 28125
http://www.securityfocus.com/bid/28125
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11409
http://www.securitytracker.com/id?1019551
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1
XForce ISS Database: sun-jre-imagelibrary-privilege-escalation(41028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41028
Common Vulnerability Exposure (CVE) ID: CVE-2008-1194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9542
XForce ISS Database: sun-jre-jdk-colorlibrary-dos(41132)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41132
Common Vulnerability Exposure (CVE) ID: CVE-2008-1195
Bugtraq: 20080327 rPSA-2008-0128-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/490196/100/0/threaded
Cert/CC Advisory: TA08-087A
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486
http://www.securitytracker.com/id?1019553
http://secunia.com/advisories/29526
http://secunia.com/advisories/29541
http://secunia.com/advisories/29547
http://secunia.com/advisories/29560
http://secunia.com/advisories/29645
http://secunia.com/advisories/30620
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
SuSE Security Announcement: SUSE-SA:2008:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://www.ubuntu.com/usn/usn-592-1
http://www.vupen.com/english/advisories/2008/0998/references
http://www.vupen.com/english/advisories/2008/1793/references
XForce ISS Database: sun-jre-javascript-unauthorized-access(41030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41030
Common Vulnerability Exposure (CVE) ID: CVE-2008-1196
CERT/CC vulnerability note: VU#223028
http://www.kb.cert.org/vuls/id/223028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10412
http://www.securitytracker.com/id?1019552
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233327-1
XForce ISS Database: sun-java-webstart-javaws-bo(41026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41026
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com