Ubuntu 9.10 / 10.04 LTS / 10.10 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1055-1)

Ubuntu Security Notice (C) 2011-2016 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related

Description :

It was discovered that IcedTea for Java did not properly verify
signatures when handling multiply signed or partially signed JAR
files, allowing an attacker to cause code to execute that appeared to
come from a verified source. (CVE-2011-0025)

USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu
10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures
except for the armel (ARM) architecture. This update provides the
corresponding update for Ubuntu 10.10 on the armel (ARM) architecture.

It was discovered that the JNLP SecurityManager in IcedTea for Java
OpenJDK in some instances failed to properly apply the intended
scurity policy in its checkPermission method. This could allow an
attacker to execute code with privileges that should have been
prevented. (CVE-2010-4351).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 51848 ()

Bugtraq ID: 45894

CVE ID: CVE-2010-4351

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now