Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)

High Nessus Plugin ID 36034

Synopsis

The remote Windows host contains a runtime environment that is affected by multiple vulnerabilities.

Description

The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :

- A denial of service vulnerability affects the JRE LDAP implementation. (254569).

- A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)

- There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.
(254570)

- There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)

- A privilege-escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)

- A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)

- A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)

- An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.
(254611)

- The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)

- The JRE Virtual Machine is affected by a privilege-escalation vulnerability. (254610)

- There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.
(254571)

- There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)

- A denial of service vulnerability affects the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)

Solution

Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18, SDK / JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if necessary, any affected versions.

See Also

https://download.oracle.com/sunalerts/1020224.1.html

https://download.oracle.com/sunalerts/1020225.1.html

https://download.oracle.com/sunalerts/1020226.1.html

https://download.oracle.com/sunalerts/1020228.1.html

https://download.oracle.com/sunalerts/1020229.1.html

https://download.oracle.com/sunalerts/1020230.1.html

https://download.oracle.com/sunalerts/1020231.1.html

https://www.oracle.com/technetwork/java/javase/6u13-142696.html

https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html

http://www.nessus.org/u?d2825206

Plugin Details

Severity: High

ID: 36034

File Name: sun_java_jre_254569.nasl

Version: 1.26

Type: local

Agent: windows

Family: Windows

Published: 2009/03/27

Updated: 2018/11/15

Dependencies: 33545

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/03/24

Reference Information

CVE: CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107

BID: 34240

CWE: 16, 20, 94, 119, 189