Mac OS X : Java for Mac OS X 10.4 Release 7

high Nessus Plugin ID 34291

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 7.

The remote version of this software contains several security vulnerabilities which may allow a rogue java applet to execute arbitrary code on the remote host.

To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.

Solution

Upgrade to Java for Mac OS X 10.4 release 7 or later.

See Also

http://support.apple.com/kb/HT3178

http://lists.apple.com/archives/security-announce/2008/Sep/msg00008.html

Plugin Details

Severity: High

ID: 34291

File Name: macosx_java_rel7.nasl

Version: 1.16

Type: local

Agent: macosx

Published: 9/25/2008

Updated: 7/14/2018

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, CVE-2008-3637, CVE-2008-3638

BID: 28125, 30144, 30146, 31379, 31380

CWE: 264