This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project.
It also contains a configuration tool for managing deployment settings
for the plug-in and Web Start implementations.
An uninitialized pointer use flaw was found in the IcedTea-Web
plug-in. Visiting a malicious web page could possibly cause a web
browser using the IcedTea-Web plug-in to crash, disclose a portion of
its memory, or execute arbitrary code. (CVE-2012-3422)
It was discovered that the IcedTea-Web plug-in incorrectly assumed all
strings received from the browser were NUL terminated. When using the
plug-in with a web browser that does not NUL terminate strings,
visiting a web page containing a Java applet could possibly cause the
browser to crash, disclose a portion of its memory, or execute
arbitrary code. (CVE-2012-3423)
This erratum also upgrades IcedTea-Web to version 1.2.1.
All IcedTea-Web users should upgrade to these updated packages, which
resolve these issues. Web browsers using the IcedTea-Web browser
plug-in must be restarted for this update to take effect.
See also :
Update the affected icedtea-web, icedtea-web-debuginfo and / or
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61406 ()
CVE ID: CVE-2012-3422CVE-2012-3423
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.