SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1748)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

IBM Java 6 was updated to Service Refresh 7.

The following security issues were fixed :

- A vulnerability in the Java Runtime Environment when
decoding DER-encoded data might allow a remote client to
crash the JRE, resulting in a denial of service
condition. (CVE-2009-3876 / CVE-2009-3877)

- A buffer overflow vulnerability in the Java Runtime
Environment audio system might allow an untrusted applet
or Java Web Start application to escalate privileges.
For example, an untrusted applet might grant itself
permissions to read and write local files, or run local
applications that are accessible to the user running the
untrusted applet. (CVE-2009-3867)

- A buffer overflow vulnerability in the Java Runtime
Environment when parsing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files, or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3868)

- An integer overflow vulnerability in the Java Runtime
Environment when reading JPEG files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files, or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3872)

- A buffer overflow vulnerability in the Java Runtime
Environment when processing JPEG files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files, or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3873)

- A security vulnerability in the Java Runtime Environment
when verifying HMAC digests might allow authentication
to be bypassed. This could allow a user to forge a
digital signature that would be accepted as valid.
Applications that validate HMAC-based digital signatures
might be vulnerable to this type of attack.
(CVE-2009-3875)

- A command execution vulnerability in the Java Runtime
Environment Deployment Toolkit might be used to run
arbitrary code. This issue might occur as the result of
a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this
vulnerability. (CVE-2009-3865)

- A buffer overflow vulnerability in the Java Runtime
Environment when processing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files, or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3869)

- A buffer overflow vulnerability in the Java Runtime
Environment when processing image files might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files, or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3871)

- A security vulnerability in the Java Web Start Installer
might be used to allow an untrusted Java Web Start
application to run as a trusted application and run
arbitrary code. This issue might occur as the result of
a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this
vulnerability. (CVE-2009-3866)

- An integer overflow vulnerability in the Java Runtime
Environment when processing JPEG images might allow an
untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet
might grant itself permissions to read and write local
files, or run local applications that are accessible to
the user running the untrusted applet. (CVE-2009-3874)

- A vulnerability when verifying HMAC-based XML digital
signatures in the XML Digital Signature implementation
included with the Java Runtime Environment (JRE) might
allow authentication to be bypassed. Applications that
validate HMAC-based XML digital signatures might be
vulnerable to this type of attack. (CVE-2009-0217)

Note: This vulnerability (CVE-2009-0217) cannot be exploited by an
untrusted applet or Java Web Start application.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=561859
http://support.novell.com/security/cve/CVE-2009-0217.html
http://support.novell.com/security/cve/CVE-2009-3865.html
http://support.novell.com/security/cve/CVE-2009-3866.html
http://support.novell.com/security/cve/CVE-2009-3867.html
http://support.novell.com/security/cve/CVE-2009-3868.html
http://support.novell.com/security/cve/CVE-2009-3869.html
http://support.novell.com/security/cve/CVE-2009-3871.html
http://support.novell.com/security/cve/CVE-2009-3872.html
http://support.novell.com/security/cve/CVE-2009-3873.html
http://support.novell.com/security/cve/CVE-2009-3874.html
http://support.novell.com/security/cve/CVE-2009-3875.html
http://support.novell.com/security/cve/CVE-2009-3876.html
http://support.novell.com/security/cve/CVE-2009-3877.html

Solution :

Apply SAT patch number 1748.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
