Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.800975
Category:General
Title:Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)
Summary:This host is installed with Sun Java JDK/JRE and is prone to; multiple vulnerabilities.
Description:Summary:
This host is installed with Sun Java JDK/JRE and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws occur due to:

- Error when decoding 'DER' encoded data and parsing HTTP headers.

- Error when verifying 'HMAC' digests.

- Integer overflow error in the 'JPEG JFIF' Decoder while processing
malicious image files.

- A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'
functions in the Abstract Window Toolkit (AWT).

- Unspecified error due to improper parsing of color profiles of images.

- A buffer overflow error due to improper implementation of the
'HsbParser.getSoundBank()' function.

- Three unspecified errors when processing audio or image files.

Vulnerability Impact:
Successful exploitation allows remote attacker to execute arbitrary code,
gain escalated privileges, bypass security restrictions and cause denial
of service attacks inside the context of the affected system.

Affected Software/OS:
Sun Java JDK/JRE 6 prior to 6 Update 17

Sun Java JDK/JRE 5 prior to 5 Update 22

Sun Java JDK/JRE 1.4.x prior to 1.4.2_24

Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Linux.

Solution:
Upgrade to JDK/JRE version 6 Update 17 or later,

Upgrade to JDK/JRE version 5 Update 22

Upgrade to JDK/JRE version 1.4.2_24

Upgrade to JDK/JRE version 1.3.1_27

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 36881
Common Vulnerability Exposure (CVE) ID: CVE-2009-3877
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
http://www.securityfocus.com/bid/36881
http://security.gentoo.org/glsa/glsa-200911-02.xml
HPdes Security Advisory: HPSBMU02703
http://marc.info/?l=bugtraq&m=131593453929393&w=2
HPdes Security Advisory: HPSBUX02503
http://marc.info/?l=bugtraq&m=126566824131534&w=2
HPdes Security Advisory: SSRT100019
HPdes Security Advisory: SSRT100242
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10469
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7148
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8330
http://www.redhat.com/support/errata/RHSA-2009-1694.html
http://secunia.com/advisories/37231
http://secunia.com/advisories/37239
http://secunia.com/advisories/37386
http://secunia.com/advisories/37581
http://secunia.com/advisories/37841
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
SuSE Security Announcement: SUSE-SA:2009:058 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
http://www.vupen.com/english/advisories/2009/3131
Common Vulnerability Exposure (CVE) ID: CVE-2009-3876
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11934
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8608
Common Vulnerability Exposure (CVE) ID: CVE-2009-3875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11847
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7913
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-3873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602
http://securitytracker.com/id?1023132
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Common Vulnerability Exposure (CVE) ID: CVE-2009-3874
http://zerodayinitiative.com/advisories/ZDI-09-080/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603
Common Vulnerability Exposure (CVE) ID: CVE-2009-3872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11715
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6963
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8475
Common Vulnerability Exposure (CVE) ID: CVE-2009-3871
http://zerodayinitiative.com/advisories/ZDI-09-079/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8275
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9360
Common Vulnerability Exposure (CVE) ID: CVE-2009-3869
http://zerodayinitiative.com/advisories/ZDI-09-078/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11262
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7400
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8566
Common Vulnerability Exposure (CVE) ID: CVE-2009-3868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8622
Common Vulnerability Exposure (CVE) ID: CVE-2009-3867
http://zerodayinitiative.com/advisories/ZDI-09-076/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7750
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.