Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Unix host has an application that is affected by multiple
vulnerabilities.

Description :

According to its version number, the Sun Java Runtime Environment (JRE)
and/or Web Start installed on the remote host is reportedly affected by
several issues that could be abused to move / copy local files, read or
write local files, circumvent network access restrictions, or elevate
privileges.

See also :

http://conference.hitb.org/hitbsecconf2007kl/?page_id=148
http://www.nessus.org/u?d88f8c90
http://www.nessus.org/u?3744db68
http://www.nessus.org/u?6dd067e0
http://www.nessus.org/u?1cbab94e
http://www.nessus.org/u?811a9446

Solution :

Update to Sun JDK and JRE 6 Update 3 / JDK and JRE 5.0 Update 13 / SDK
and JRE 1.4.2_16 / SDK and JRE 1.3.1_21 or later and remove, if
necessary, any other affected versions.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false