SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing
several bugfixes, including the following security fixes :

- A buffer overflow vulnerability in the image parsing
code in the Java(TM) Runtime Environment may allow an
untrusted applet or application to elevate its
privileges. For example, an applet may grant itself
permissions to read and write local files or execute
local applications that are accessible to the user
running the untrusted applet. (CVE-2007-2788 /
CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005)

A second vulnerability may allow an untrusted applet or
application to cause the Java Virtual Machine to hang.

- A buffer overflow vulnerability in the Java Web Start
URL parsing code may allow an untrusted application to
elevate its privileges. For example, an application may
grant itself permissions to read and write local files
or execute local applications with the privileges of the
user running the Java Web Start application.
(CVE-2007-3655)

- A security vulnerability in the Java Runtime Environment
Applet Class Loader may allow an untrusted applet that
is loaded from a remote system to circumvent network
access restrictions and establish socket connections to
certain services running on the local host, as if it
were loaded from the system that the applet is running
on. This may allow the untrusted remote applet the
ability to exploit any security vulnerabilities existing
in the services it has connected to. (CVE-2007-3922)

For more information see:
http://www-128.ibm.com/developerworks/java/jdk/alerts/

See also :

http://support.novell.com/security/cve/CVE-2007-2788.html
http://support.novell.com/security/cve/CVE-2007-2789.html
http://support.novell.com/security/cve/CVE-2007-3004.html
http://support.novell.com/security/cve/CVE-2007-3005.html
http://support.novell.com/security/cve/CVE-2007-3655.html
http://support.novell.com/security/cve/CVE-2007-3922.html

Solution :

Apply ZYPP patch number 4542.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 29470

Bugtraq ID:

CVE ID: CVE-2007-2788
CVE-2007-2789
CVE-2007-3655
CVE-2007-3922
