RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)

Critical Nessus Plugin ID 40738

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These are summarized in the 'Security Alerts' from IBM.

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, which contain the IBM 1.5.0 SR9 Java release.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2008-2086

https://access.redhat.com/security/cve/cve-2008-5339

https://access.redhat.com/security/cve/cve-2008-5340

https://access.redhat.com/security/cve/cve-2008-5341

https://access.redhat.com/security/cve/cve-2008-5342

https://access.redhat.com/security/cve/cve-2008-5343

https://access.redhat.com/security/cve/cve-2008-5344

https://access.redhat.com/security/cve/cve-2008-5345

https://access.redhat.com/security/cve/cve-2008-5346

https://access.redhat.com/security/cve/cve-2008-5348

https://access.redhat.com/security/cve/cve-2008-5349

https://access.redhat.com/security/cve/cve-2008-5350

https://access.redhat.com/security/cve/cve-2008-5351

https://access.redhat.com/security/cve/cve-2008-5352

https://access.redhat.com/security/cve/cve-2008-5353

https://access.redhat.com/security/cve/cve-2008-5354

https://access.redhat.com/security/cve/cve-2008-5356

https://access.redhat.com/security/cve/cve-2008-5357

https://access.redhat.com/security/cve/cve-2008-5359

https://access.redhat.com/security/cve/cve-2008-5360

https://www.ibm.com/us-en/?ar=1

https://access.redhat.com/errata/RHSA-2009:0016

Plugin Details

Severity: Critical

ID: 40738

File Name: redhat-RHSA-2009-0016.nasl

Version: 1.31

Type: local

Agent: unix

Published: 2009/08/24

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin, p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src, cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:4.7, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.2

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/01/13

Vulnerability Publication Date: 2008/12/04

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Calendar Deserialization Privilege Escalation)

Reference Information

CVE: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359, CVE-2008-5360

BID: 32608, 32620, 32892

RHSA: 2009:0016

CWE: 94, 119, 189, 200, 264