SuSE9 Security Update : Java2 (YOU Patch Number 12206)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

Sun Java was updated to 1.4.2u18 to fix following security
vulnerabilities :

- Unspecified vulnerability in Sun Java Web Start in JDK
and JRE 6 before Update 7, JDK and JRE 5.0 before Update
16, and SDK and JRE 1.4.x before 1.4.2_18 allows
context-dependent attackers to obtain sensitive
information (the cache location) via an untrusted
application, aka CR 6704074. (CVE-2008-3114)

- Unspecified vulnerability in Sun Java Web Start in JDK
and JRE 5.0 before Update 16 and SDK and JRE 1.4.x
before 1.4.2_18 allows remote attackers to create or
delete arbitrary files via an untrusted application, aka
CR 6704077. (CVE-2008-3113)

- Unspecified vulnerability in Sun Java Web Start in JDK
and JRE 6 before Update 7, JDK and JRE 5.0 before Update
16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote
attackers to create arbitrary files via an untrusted
application, aka CR 6703909. (CVE-2008-3112)

- Multiple buffer overflows in Sun Java Web Start in JDK
and JRE 6 before Update 4, JDK and JRE 5.0 before Update
16, and SDK and JRE 1.4.x before 1.4.2_18 allow
context-dependent attackers to gain privileges via an
untrusted application, as demonstrated by an application
that grants itself privileges to (1) read local files,
(2) write to local files, or (3) execute local programs,
aka CR 6557220. (CVE-2008-3111)

- Buffer overflow in Sun Java Runtime Environment (JRE) in
JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x
before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23
allows context-dependent attackers to gain privileges
via unspecified vectors related to font processing.
(CVE-2008-3108)

- Unspecified vulnerability in the Virtual Machine in Sun
Java Runtime Environment (JRE) in JDK and JRE 6 before
Update 7, JDK and JRE 5.0 before Update 16, and SDK and
JRE 1.4.x before 1.4.2_18 allows context-dependent
attackers to gain privileges via an untrusted (1)
application or (2) applet, as demonstrated by an
application or applet that grants itself privileges to
(a) read local files, (b) write to local files, or (c)
execute local programs. (CVE-2008-3107)

- Multiple unspecified vulnerabilities in Sun Java Runtime
Environment (JRE) in JDK and JRE 6 before Update 7, JDK
and JRE 5.0 before Update 16, SDK and JRE 1.4.x before
1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow
remote attackers to violate the security model for an
applet's outbound connections by connecting to localhost
services running on the machine that loaded the applet.
(CVE-2008-3104)

See also :

http://support.novell.com/security/cve/CVE-2008-3104.html
http://support.novell.com/security/cve/CVE-2008-3107.html
http://support.novell.com/security/cve/CVE-2008-3108.html
http://support.novell.com/security/cve/CVE-2008-3111.html
http://support.novell.com/security/cve/CVE-2008-3112.html
http://support.novell.com/security/cve/CVE-2008-3113.html
http://support.novell.com/security/cve/CVE-2008-3114.html

Solution :

Apply YOU patch number 12206.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 41224 ()

Bugtraq ID:

CVE ID: CVE-2008-3104
CVE-2008-3107
CVE-2008-3108
CVE-2008-3111
CVE-2008-3112
CVE-2008-3113
CVE-2008-3114

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now