
Test ID: 1.3.6.1.4.1.25623.1.0.62906
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0817
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0817.

IBM's 1.4.2 SR9 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.

A security vulnerability in the Java Web Start component was discovered.
An untrusted application could elevate its privileges and read and write
local files that are accessible to the user running the Java Web Start
application. (CVE-2007-2435)

A buffer overflow in the JRE image code was found. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code as the user running the Java virtual
machine. (CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime
Environment. An untrusted applet or application could cause the Java
virtual machine to become unresponsive. (CVE-2007-3005)

All users of java-1.4.2-ibm should upgrade to these updated packages,
which contain IBM's 1.4.2 SR9 Java release that resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0817.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2435
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/241
BugTraq ID: 23728
http://www.securityfocus.com/bid/23728
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://docs.info.apple.com/article.html?artnum=307177
http://osvdb.org/35483
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securitytracker.com/id?1017986
http://secunia.com/advisories/25069
http://secunia.com/advisories/25283
http://secunia.com/advisories/25413
http://secunia.com/advisories/25474
http://secunia.com/advisories/25832
http://secunia.com/advisories/26311
http://secunia.com/advisories/26369
http://secunia.com/advisories/28115
http://secunia.com/advisories/29858
http://secunia.com/advisories/30780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
http://www.vupen.com/english/advisories/2007/1598
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
XForce ISS Database: javawebstart-classes-privilege-escalation(33984)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
Common Vulnerability Exposure (CVE) ID: CVE-2007-3004
Common Vulnerability Exposure (CVE) ID: CVE-2007-3005
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.