Sun Java JRE Multiple Vulnerabilities (233321-233327) (Unix)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Unix host has an application that is affected by multiple
vulnerabilities.

Description :

The version of Sun Java Runtime Environment (JRE) installed on the
remote host is affected by one or more security issues :

- Two vulnerabilities in the JRE VM may independently allow
an untrusted application or applet downloaded from a
website to elevate its privileges (233321).

- When processing XSLT transformations, an untrusted
application or applet downloaded from a website may
be able to elevate its privileges or cause the JRE to
crash (233322).

- Three buffer overflows exist in Java Web Start (233323).

- A vulnerability in the Java Plug-in may allow an applet
downloaded from a website to bypass the same origin
policy and execute local applications (233324).

- Multiple vulnerabilities in the JRE Image Processing
library may allow an untrusted application or applet
to elevate its privileges or cause the JRE to crash
(233325).

- A vulnerability in the JRE may allow untrusted
JavaScript code to elevate its privileges through
Java APIs (233326).

- An as-yet unspecified buffer overflow exists in Java
Web Start (233327).

See also :

http://download.oracle.com/sunalerts/1019016.1.html
http://download.oracle.com/sunalerts/1019017.1.html
http://download.oracle.com/sunalerts/1019018.1.html
http://download.oracle.com/sunalerts/1019020.1.html
http://download.oracle.com/sunalerts/1019021.1.html

Solution :

Upgrade to Sun JDK and JRE 6 Update 5 / JDK and JRE 5.0 Update 15 / SDK
and JRE 1.4.2_17 or later and remove, if necessary, any other affected
versions.
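
A version check against the fixed releases named above, as an added example (not part of the Nessus plugin or of Sun's advisories). It assumes the `java version "1.x.y_NN"` banner format printed by `java -version`; the install paths and banners are constructed sample data, and release families the Solution text does not name are reported as "not-listed" rather than guessed at.

```python
import re

# Fixed update per release family, taken from the Solution text above.
FIXED_UPDATE = {
    (1, 6, 0): 5,   # JDK and JRE 6 Update 5
    (1, 5, 0): 15,  # JDK and JRE 5.0 Update 15
    (1, 4, 2): 17,  # SDK and JRE 1.4.2_17
}

# Matches the first line of `java -version`, e.g.: java version "1.6.0_04"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_banner(banner):
    """Return ((major, minor, micro), update) or None if no version is found."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    family = tuple(int(part) for part in m.group(1, 2, 3))
    return family, int(m.group(4) or 0)  # no "_NN" suffix means update 0


def assess(banner):
    """Classify one install against the fixed releases listed in the advisory."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "not-listed"  # family not named in the Solution text; review by hand
    return "fixed" if update >= fixed else "needs-upgrade"


def audit(installs):
    """Map each install path to its status; a host may carry several JREs."""
    return {path: assess(banner) for path, banner in installs.items()}


# Constructed sample data: hypothetical paths and banners, not from the advisory.
SAMPLE_INSTALLS = {
    "/usr/java/jre1.6.0_04": 'java version "1.6.0_04"\nJava(TM) SE Runtime Environment (build 1.6.0_04-b12)',
    "/usr/java/jre1.6.0_05": 'java version "1.6.0_05"',
    "/opt/j2sdk1.4.2_16": 'java version "1.4.2_16"',
    "/opt/jdk1.5.0_15": 'java version "1.5.0_15"',
    "/opt/jre1.3.1_20": 'java version "1.3.1_20"',
}

if __name__ == "__main__":
    for path, status in sorted(audit(SAMPLE_INSTALLS).items()):
        print(f"{status:14} {path}")
```

Every path reported as "needs-upgrade" has to be upgraded or removed, since an older JRE left on disk remains usable after a newer one is installed.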

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 64827

Bugtraq ID: 28083, 28125

CVE ID: CVE-2008-1193