Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Unix host contains a runtime environment that is affected by
multiple vulnerabilities.

Description :

The version of Sun Java Runtime Environment (JRE) installed on the
remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 /
1.3.1_26. Such versions are potentially affected by the following
security issues :

- A vulnerability in the JRE audio system may allow system
properties to be accessed. (263408)

- A privilege escalation vulnerability may exist in the
JRE SOCKS proxy implementation. (263409)

- An integer overflow vulnerability when parsing JPEG
images may allow an untrusted Java Web Start application
to elevate privileges. (263428)

- A vulnerability with verifying HMAC-based XML digital
signatures in the XML Digital Signature implementation
may allow authentication to be bypassed. (263429)

- An integer overflow vulnerability with unpacking applets
and Java Web Start applications using the 'unpack200' JAR
unpacking utility may allow an untrusted applet to
elevate privileges. (263488)

- An issue with parsing XML data may allow a remote client
to create a denial of service condition. (263489)

- Non-current versions of the 'JNLPAppletLauncher' may be
re-purposed with an untrusted Java applet to write
arbitrary files. (263490)

See also :

http://download.oracle.com/sunalerts/1020707.1.html
http://download.oracle.com/sunalerts/1020708.1.html
http://download.oracle.com/sunalerts/1020709.1.html
http://download.oracle.com/sunalerts/1020710.1.html
http://download.oracle.com/sunalerts/1020712.1.html
http://download.oracle.com/sunalerts/1020713.1.html
http://download.oracle.com/sunalerts/1020714.1.html

Solution :

Update to Sun Java JDK / JRE 6 Update 15, JDK / JRE 5.0 Update 20, SDK
/ JRE 1.4.2_22, or SDK / JRE 1.3.1_26 or later and remove, if necessary,
any affected versions.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false