SuSE 10 Security Update : IBM Java (ZYPP Patch Number 5846)

Critical Nessus Plugin ID 41524

VPR Score: 7.4

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

IBM Java 1.4.2 SR12 fixes the following security problems:

- Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2008-3104)

- A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3112)

- A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3113)

- A vulnerability in Java Web Start may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2008-3114)

Solution

Apply ZYPP patch number 5846.

See Also

http://support.novell.com/security/cve/CVE-2008-3104.html

http://support.novell.com/security/cve/CVE-2008-3112.html

http://support.novell.com/security/cve/CVE-2008-3113.html

http://support.novell.com/security/cve/CVE-2008-3114.html

Plugin Details

Severity: Critical

ID: 41524

File Name: suse_java-1_4_2-ibm-5846.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2009/09/24

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/12/03

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-3104, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114

CWE: 200, 264