Detections
Analytics
RHEL 5 : java-1.6.0-ibm (RHSA-2008:0267)
high Nessus Plugin ID 63854
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary.This update has been rated as having critical security impact by the Red Hat Security Response Team.
IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environment, and the IBM Java 2 Software Development Kit.
A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1187)
Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files, or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)
A flaw was found in the Java plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192)
A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)
The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, that contain IBM's 1.6.0 SR1 Java release, which resolves these issues.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/cve-2008-1187
https://access.redhat.com/security/cve/cve-2008-1188
https://access.redhat.com/security/cve/cve-2008-1189
https://access.redhat.com/security/cve/cve-2008-1190
https://access.redhat.com/security/cve/cve-2008-1191
https://access.redhat.com/security/cve/cve-2008-1192
https://access.redhat.com/security/cve/cve-2008-1193
https://access.redhat.com/security/cve/cve-2008-1194
https://access.redhat.com/security/cve/cve-2008-1195
https://access.redhat.com/security/cve/cve-2008-1196
Plugin Details
Severity: High
ID: 63854
File Name: redhat-RHSA-2008-0267.nasl
Version: 1.18
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 1/24/2013
Updated: 1/14/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.1
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/19/2008
Vulnerability Publication Date: 3/6/2008
Exploitable With
CANVAS (D2ExploitPack)
Reference Information
CVE: CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196
BID: 28083