Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple Java OpenJDK security vulnerabilities have been identified and
fixed :

The design of the W3C XML Signature Syntax and Processing (XMLDsig)
recommendation specifies an HMAC truncation length (HMACOutputLength)
but does not require a minimum for its length, which allows attackers
to spoof HMAC-based signatures and bypass authentication by specifying
a truncation length with a small number of bits (CVE-2009-0217).

The Java Web Start framework does not properly check the trust of all
application jar files, which allows context-dependent attackers to
execute arbitrary code via a crafted application, related to NetX
(CVE-2009-1896).

Some variables and data structures declared without the final keyword
allow context-dependent attackers to obtain sensitive information.
The affected variables and data structures are as
follows: (1) LayoutQueue, (2) Cursor.predefined, (3)
AccessibleResourceBundle.getContents, (4)
ImageReaderSpi.STANDARD_INPUT_TYPE, (5)
ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)
DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9)
AbstractSaslImpl.logger, (10)
Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector
class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475).

The Java Management Extensions (JMX) implementation does not properly
enforce OpenType checks, which allows context-dependent attackers to
bypass intended access restrictions by leveraging finalizer
resurrection to obtain a reference to a privileged object
(CVE-2009-2476).

A flaw in Xerces2 as used in OpenJDK allows remote attackers to
cause a denial of service via malformed XML input (CVE-2009-2625).

The audio system does not prevent access to java.lang.System
properties by either untrusted applets or Java Web Start
applications, which allows context-dependent attackers to obtain
sensitive information by reading these properties (CVE-2009-2670).

A flaw in the SOCKS proxy implementation allows remote attackers to
discover the user name of the account that invoked either an untrusted
applet or Java Web Start application via unspecified vectors
(CVE-2009-2671).

A flaw in the proxy mechanism implementation allows remote attackers
to bypass intended access restrictions and connect to arbitrary sites
via unspecified vectors, related to a declaration that lacks the final
keyword (CVE-2009-2673).

An integer overflow in the JPEG images parsing allows
context-dependent attackers to gain privileges via an untrusted Java
Web Start application that grants permissions to itself
(CVE-2009-2674).

An integer overflow in the unpack200 utility decompression allows
context-dependent attackers to gain privileges via vectors involving
either an untrusted applet or Java Web Start application that grants
permissions to itself (CVE-2009-2675).

A flaw in JDK13Services.getProviders grants full privileges to
instances of unspecified object types, which allows context-dependent
attackers to bypass intended access restrictions either via an
untrusted applet or application (CVE-2009-2689).

A flaw in OpenJDK's encoder grants read access to private
variables with unspecified names, which allows context-dependent
attackers to obtain sensitive information either via an untrusted
applet or application (CVE-2009-2690).
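
The HMAC truncation issue above (CVE-2009-0217) comes down to a verifier
trusting a signer-supplied HMACOutputLength. The following is an added
example, not code from the advisory or from OpenJDK: a verifier with and
without the floor W3C later added to XMLDSig (the larger of 80 bits and
half the hash output). All function names, the key and the input are
constructed for illustration.

```python
import hashlib
import hmac

# Output size in bits of the hashes this example handles (constructed subset).
HASH_BITS = {"sha1": 160, "sha256": 256, "sha512": 512}


def min_output_bits(hash_name):
    """Floor from the revised XMLDSig text: larger of 80 bits and half the hash output."""
    return max(80, HASH_BITS[hash_name] // 2)


def truncated_tag(key, data, hash_name, bits):
    """HMAC over data, truncated to the leftmost `bits` bits (whole bytes only here)."""
    digest = hmac.new(key, data, getattr(hashlib, hash_name)).digest()
    return digest[: bits // 8]


def verify(key, data, tag, hash_name, output_bits=None, enforce_minimum=True):
    """Verify a tag whose length is set by a signer-supplied HMACOutputLength.

    enforce_minimum=False reproduces the pre-fix behaviour: any positive length is trusted.
    """
    full_bits = HASH_BITS[hash_name]
    bits = full_bits if output_bits is None else output_bits
    # Assumption of this example: only whole-byte lengths within the hash size.
    if bits <= 0 or bits % 8 or bits > full_bits:
        return False
    if enforce_minimum and bits < min_output_bits(hash_name):
        return False
    expected = truncated_tag(key, data, hash_name, bits)
    return len(tag) == len(expected) and hmac.compare_digest(tag, expected)


def blind_guess_probability(bits):
    """Chance that one random tag of `bits` bits verifies without the key."""
    return 2.0 ** -bits


# Constructed sample input, not taken from any real document.
KEY = b"constructed-shared-secret"
SIGNED_INFO = b"<SignedInfo>constructed example</SignedInfo>"

if __name__ == "__main__":
    short = truncated_tag(KEY, SIGNED_INFO, "sha1", 8)
    print("8-bit tag, no floor :", verify(KEY, SIGNED_INFO, short, "sha1", 8, False))
    print("8-bit tag, floor    :", verify(KEY, SIGNED_INFO, short, "sha1", 8, True))
    print("guess odds at 8 bits:", blind_guess_probability(8))
```
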

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
