This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing
several bugfixes, including the following security fixes :
- A buffer overflow vulnerability in the image parsing
code in the Java(TM) Runtime Environment may allow an
untrusted applet or application to elevate its
privileges. For example, an applet may grant itself
permissions to read and write local files or execute
local applications that are accessible to the user
running the untrusted applet. (CVE-2007-2788 /
CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005)
A second vulnerability may allow an untrusted applet or
application to cause the Java Virtual Machine to hang.
- A buffer overflow vulnerability in the Java Web Start
URL parsing code may allow an untrusted application to
elevate its privileges. For example, an application may
grant itself permissions to read and write local files
or execute local applications with the privileges of the
user running the Java Web Start application.
- A security vulnerability in the Java Runtime Environment
Applet Class Loader may allow an untrusted applet that
is loaded from a remote system to circumvent network
access restrictions and establish socket connections to
certain services running on the local host, as if it
were loaded from the system that the applet is running
on. This may allow the untrusted remote applet the
ability to exploit any security vulnerabilities existing
in the services it has connected to. (CVE-2007-3922)
Apply ZYPP patch number 4542.
Risk factor : Medium / CVSS Base Score : 6.8
Public Exploit Available : true