Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.800978
Category:General
Title:Sun Java JRE Remote Code Execution Vulnerability (Linux)
Summary:This host is installed with Sun Java JRE and is prone to Remote; Code Execution Vulnerability.
Description:Summary:
This host is installed with Sun Java JRE and is prone to Remote
Code Execution Vulnerability.

Vulnerability Insight:
- An error occurs while using security model permissions when removing
installer extensions and may allow an untrusted applications to run as a trusted application.

- An error occurs while handling interaction between a signed JAR file
and a JNLP application or applet.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code in
the context of the affected application.

Affected Software/OS:
Sun Java JRE 6 prior to 6 Update 17 on Linux.

Solution:
Upgrade to JRE version 6 Update 17.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 36881
Common Vulnerability Exposure (CVE) ID: CVE-2009-3866
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
http://www.securityfocus.com/bid/36881
http://security.gentoo.org/glsa/glsa-200911-02.xml
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://zerodayinitiative.com/advisories/ZDI-09-077/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6635
http://www.redhat.com/support/errata/RHSA-2009-1694.html
http://secunia.com/advisories/37231
http://secunia.com/advisories/37239
http://secunia.com/advisories/37386
http://secunia.com/advisories/37581
http://secunia.com/advisories/37841
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
SuSE Security Announcement: SUSE-SA:2009:058 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
http://www.vupen.com/english/advisories/2009/3131
Common Vulnerability Exposure (CVE) ID: CVE-2009-3886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.