Detections
Analytics
SuSE 10 Security Update : Sun Java (ZYPP Patch Number 5131)
high Nessus Plugin ID 31772
Synopsis
The remote SuSE 10 host is missing a security-related patch.Description
Sun Java was updated to 1.4.2u17 to fix following security vulnerabilities :- Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers should gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. (CVE-2008-1158)
- Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185. (CVE-2008-1186)
- Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
(CVE-2008-1187)
- Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. (CVE-2008-1189)
- Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
(CVE-2008-1190)
- Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and 'execute local applications' via unknown vectors. (CVE-2008-1192)
- Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier;
allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. (CVE-2008-1195)
- Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. (CVE-2008-1196)
Solution
Apply ZYPP patch number 5131.See Also
http://support.novell.com/security/cve/CVE-2008-1158.html
http://support.novell.com/security/cve/CVE-2008-1185.html
http://support.novell.com/security/cve/CVE-2008-1186.html
http://support.novell.com/security/cve/CVE-2008-1187.html
http://support.novell.com/security/cve/CVE-2008-1188.html
http://support.novell.com/security/cve/CVE-2008-1189.html
http://support.novell.com/security/cve/CVE-2008-1190.html
http://support.novell.com/security/cve/CVE-2008-1191.html
http://support.novell.com/security/cve/CVE-2008-1192.html
Plugin Details
Severity: High
ID: 31772
File Name: suse_java-1_4_2-sun-5131.nasl
Version: 1.20
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 4/4/2008
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:suse:suse_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/27/2008
Exploitable With
CANVAS (D2ExploitPack)
Reference Information
CVE: CVE-2008-1158, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1195, CVE-2008-1196