This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote SuSE 11 host is missing one or more security updates.
IBM Java 1.4.2 SR13 was updated to FP8 to fix various bugs and
The following security issues were fixed :
- The kg_accept_krb5 function in krb5/accept_sec_context.c
  in the GSS-API library in MIT Kerberos 5 (aka krb5)
  through 1.7.1 and 1.8 before 1.8.2, as used in kadmind
  and other applications, does not properly check for
  invalid GSS-API tokens, which allows remote
  authenticated users to cause a denial of service (NULL
  pointer dereference and daemon crash) via an AP-REQ
  message in which the authenticator's checksum field is
- Unspecified vulnerability in the Networking component in
  Oracle Java SE and Java for Business 6 Update 21, 5.0
  Update 25, 1.4.2_27, and 1.3.1_28 allows remote
  attackers to affect confidentiality, integrity, and
  availability via unknown vectors. NOTE: the previous
  information was obtained from the October 2010 CPU.
  Oracle has not commented on claims from a reliable
  downstream vendor that HttpURLConnection does not
  properly check for the allowHttpTrace permission, which
  allows untrusted code to perform HTTP TRACE requests.
- The Java Runtime Environment hangs forever when
  converting '2.2250738585072012e-308' to a binary
  floating-point number. (CVE-2010-4476)
Apply SAT patch number 4024.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true