Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61308
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0790
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0790.

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

A vulnerability in the XML processing API was found. A remote attacker who
caused malicious XML to be processed by an untrusted applet or application
was able to elevate permissions to access URLs on a remote host.
(CVE-2008-3106)

A buffer overflow vulnerability was found in the font processing code. This
allowed remote attackers to extend the permissions of an untrusted applet
or application, allowing it to read and/or write local files, as well as to
execute local applications accessible to the user running the untrusted
application. (CVE-2008-3108)

Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities allowed an untrusted Java Web Start application to
elevate its privileges, allowing it to read and/or write local files, as
well as to execute local applications accessible to the user running the
untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start application, was able to
create or delete arbitrary files with the permissions of the user running
the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, that contain the IBM 1.5.0 SR8 Java release, which resolves
these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0790.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3104
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
BugTraq ID: 30140
http://www.securityfocus.com/bid/30140
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search)
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search)
http://www.securityfocus.com/archive/1/497041/100/0/threaded
Cert/CC Advisory: TA08-193A
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565
http://www.redhat.com/support/errata/RHSA-2008-0594.html
http://www.redhat.com/support/errata/RHSA-2008-0595.html
http://www.redhat.com/support/errata/RHSA-2008-0790.html
http://www.redhat.com/support/errata/RHSA-2008-0906.html
RedHat Security Advisories: RHSA-2008:0955
http://rhn.redhat.com/errata/RHSA-2008-0955.html
http://www.redhat.com/support/errata/RHSA-2008-1043.html
http://www.redhat.com/support/errata/RHSA-2008-1044.html
http://www.redhat.com/support/errata/RHSA-2008-1045.html
http://www.securitytracker.com/id?1020459
http://secunia.com/advisories/31010
http://secunia.com/advisories/31055
http://secunia.com/advisories/31269
http://secunia.com/advisories/31320
http://secunia.com/advisories/31497
http://secunia.com/advisories/31600
http://secunia.com/advisories/31736
http://secunia.com/advisories/32018
http://secunia.com/advisories/32179
http://secunia.com/advisories/32180
http://secunia.com/advisories/32436
http://secunia.com/advisories/32826
http://secunia.com/advisories/33194
http://secunia.com/advisories/33236
http://secunia.com/advisories/33237
http://secunia.com/advisories/33238
http://secunia.com/advisories/35065
http://secunia.com/advisories/37386
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
SuSE Security Announcement: SUSE-SA:2008:042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
SuSE Security Announcement: SUSE-SA:2008:043 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:045 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.vupen.com/english/advisories/2008/2056/references
http://www.vupen.com/english/advisories/2008/2740
XForce ISS Database: sun-jre-unspecified-security-bypass(43662)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43662
Common Vulnerability Exposure (CVE) ID: CVE-2008-3106
http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
BugTraq ID: 30143
http://www.securityfocus.com/bid/30143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866
http://www.securitytracker.com/id?1020457
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
XForce ISS Database: sun-jre-xml-unauth-access(43658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43658
Common Vulnerability Exposure (CVE) ID: CVE-2008-3108
BugTraq ID: 30147
http://www.securityfocus.com/bid/30147
http://www.securitytracker.com/id?1020461
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
XForce ISS Database: sun-jre-font-bo(43656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43656
Common Vulnerability Exposure (CVE) ID: CVE-2008-3111
BugTraq ID: 30148
http://www.securityfocus.com/bid/30148
Bugtraq: 20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/494505/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-043/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
http://www.securitytracker.com/id?1020452
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
XForce ISS Database: sun-javawebstart-unspecified-bo(43664)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43664
Common Vulnerability Exposure (CVE) ID: CVE-2008-3112
http://www.zerodayinitiative.com/advisories/ZDI-08-042/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102
XForce ISS Database: sun-javawebstart-file-create(43666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43666
Common Vulnerability Exposure (CVE) ID: CVE-2008-3113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454
XForce ISS Database: sun-javawebstart-file-manipulation(43667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43667
Common Vulnerability Exposure (CVE) ID: CVE-2008-3114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755
XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43668
Common Vulnerability Exposure (CVE) ID: CVE-2008-3105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11274
XForce ISS Database: sun-jre-jaxws-unauth-access(43654)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43654
XForce ISS Database: sun-jre-xml-dos(43657)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43657
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.