SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1744)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

IBM Java 1.4.2 was updated to 13 fp3.

The following security issues were fixed :

- A buffer overflow vulnerability in the Java Runtime
Environment audio system might allow an untrusted applet
or Java Web Start application to escalate privileges.
For example, an untrusted applet might grant itself
permissions to read and write local files, or run local
applications that are accessible to the user running the
untrusted applet. (CVE-2009-3867)

- A security vulnerability in how the Java Runtime
Environment verifies HMAC digests might allow
authentication to be bypassed. This can allow a user to
forge a digital signature that would be accepted as valid.
Applications that validate HMAC-based digital signatures
might be vulnerable to this type of attack.
(CVE-2009-3875)

- A buffer overflow vulnerability in the Java Runtime
Environment when processing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3869)

- A buffer overflow vulnerability in the Java Runtime
Environment when processing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3871)

- An integer overflow vulnerability in the Java Runtime
Environment when processing JPEG images might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3874)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=561831
http://support.novell.com/security/cve/CVE-2009-3867.html
http://support.novell.com/security/cve/CVE-2009-3869.html
http://support.novell.com/security/cve/CVE-2009-3871.html
http://support.novell.com/security/cve/CVE-2009-3874.html
http://support.novell.com/security/cve/CVE-2009-3875.html

Solution :

Apply SAT patch number 1744.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 43857

Bugtraq ID:

CVE ID: CVE-2009-3867
CVE-2009-3869
CVE-2009-3871
CVE-2009-3874
CVE-2009-3875
