SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687)

high Nessus Plugin ID 29476

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

The IBM Java JRE/SDK has been brought to release 1.5.0 SR6, containing several bugfixes, including the following security fixes :

- A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232)

- A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274)

- A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.
(CVE-2007-5273)

- An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236)

- Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238)

- An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239)

- An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. CVE-2007-4381: A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-5240)

- The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698)

For more information see:
http://www-128.ibm.com/developerworks/java/jdk/alerts/

Additionally a concurrency bug has been fixed (Novell Bug 330713).

Solution

Apply ZYPP patch number 4687.

Plugin Details

Severity: High

ID: 29476

File Name: suse_java-1_5_0-ibm-4687.nasl

Version: 1.19

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/13/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/14/2007

Reference Information

CVE: CVE-2007-3698, CVE-2007-4381, CVE-2007-5232, CVE-2007-5236, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274

CWE: 264

Detections

Analytics