SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12313)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

IBM Java 1.4.2 SR12 fixes the following security problems :

- Security vulnerabilities in the Java Runtime Environment
may allow an untrusted applet that is loaded from a
remote system to circumvent network access restrictions
and establish socket connections to certain services
running on the local host, as if it were loaded from the
system that the applet is running on. This may allow the
untrusted remote applet the ability to exploit any
security vulnerabilities existing in the services it has
connected to. (CVE-2008-3104)

- A vulnerability in Java Web Start may allow an untrusted
Java Web Start application downloaded from a website to
create arbitrary files with the permissions of the user
running the untrusted Java Web Start application.
(CVE-2008-3112)

- A vulnerability in Java Web Start may allow an untrusted
Java Web Start application downloaded from a website to
create or delete arbitrary files with the permissions of
the user running the untrusted Java Web Start
application. (CVE-2008-3113)

- A vulnerability in Java Web Start may allow an untrusted
Java Web Start application to determine the location of
the Java Web Start cache. (CVE-2008-3114)

See also :

http://support.novell.com/security/cve/CVE-2008-3104.html
http://support.novell.com/security/cve/CVE-2008-3112.html
http://support.novell.com/security/cve/CVE-2008-3113.html
http://support.novell.com/security/cve/CVE-2008-3114.html

Solution :

Apply YOU patch number 12313.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 41258 ()

Bugtraq ID:

CVE ID: CVE-2008-3104
CVE-2008-3112
CVE-2008-3113
CVE-2008-3114

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now