Test ID: 1.3.6.1.4.1.25623.1.0.69567
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-2224-1)
Summary: The remote host is missing an update for the Debian 'openjdk-6' package(s) announced via the DSA-2224-1 advisory.
Description:

Vulnerability Insight:
Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform.

CVE-2010-4351

The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

CVE-2010-4448

Malicious applets can perform DNS cache poisoning.

CVE-2010-4450

An empty (but set) LD_LIBRARY_PATH environment variable results in a misconstructed library search path, resulting in code execution from possibly untrusted sources.

CVE-2010-4465

Malicious applets can extend their privileges by abusing Swing timers.

CVE-2010-4469

The Hotspot just-in-time compiler miscompiles crafted byte sequences, resulting in heap corruption.

CVE-2010-4470

JAXP can be exploited by untrusted code to elevate privileges.

CVE-2010-4471

Java2D can be exploited by untrusted code to elevate privileges.

CVE-2010-4472

Untrusted code can replace the XML DSIG implementation.

CVE-2011-0025

Signatures on JAR files are not properly verified, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

CVE-2011-0706

The JNLPClassLoader class allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor.

In addition, this security update contains stability fixes, such as switching to the recommended Hotspot version (hs14) for this particular version of OpenJDK.

For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.7-2~lenny1.

For the stable distribution (squeeze), these problems have been fixed in version 6b18-1.8.7-2~squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.8.7-1.

We recommend that you upgrade your openjdk-6 packages.

Affected Software/OS:
'openjdk-6' package(s) on Debian 5, Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Copyright: Copyright (C) 2011 Greenbone AG
