Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61132
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0133
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0133.

IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A buffer overflow was found in the Java Runtime Environment image-handling
code. An untrusted applet or application could use this flaw to elevate its
privileges and potentially execute arbitrary code as the user running the
java virtual machine. (CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime
Environment. An untrusted applet or application could cause the java
virtual machine to become unresponsive. (CVE-2007-3005)

A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)

These updated packages also add the following enhancements:

* Time zone information has been updated to the latest available
information, 2007h.

* Accessibility support in AWT can now be disabled through a system
property, java.assistive. To support this change, permission to read this
property must be added to /opt/IBMJava2-131/jre/lib/security/java.policy.
Users of IBMJava2 who have modified this file should add this following
line to the grant section:

permission java.util.PropertyPermission java.assistive, read


All users of IBMJava2 should upgrade to these updated packages, which
contain IBM's 1.3.1 SR11 Java release, which resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0133.html
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3922
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/248
BugTraq ID: 25054
http://www.securityfocus.com/bid/25054
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
HPdes Security Advisory: HPSBMA02288
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
HPdes Security Advisory: SSRT071465
http://docs.info.apple.com/article.html?artnum=307177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://www.securitytracker.com/id?1018428
http://secunia.com/advisories/26314
http://secunia.com/advisories/26369
http://secunia.com/advisories/26631
http://secunia.com/advisories/26645
http://secunia.com/advisories/26933
http://secunia.com/advisories/27266
http://secunia.com/advisories/27635
http://secunia.com/advisories/28115
http://secunia.com/advisories/30805
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
SuSE Security Announcement: SUSE-SA:2007:056 (Google Search)
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
http://www.vupen.com/english/advisories/2007/2573
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2007/3861
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: sun-java-class-unauthorized-access(35491)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35491
Common Vulnerability Exposure (CVE) ID: CVE-2007-3004
Common Vulnerability Exposure (CVE) ID: CVE-2007-3005
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.