openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)

Critical Nessus Plugin ID 53736

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 9.5

Synopsis

The remote openSUSE host is missing a security update.

Description

Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.

The update is rated critical by Sun.

Following CVEs were addressed: CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4467 CVE-2010-4469 CVE-2010-4473 CVE-2010-4422 CVE-2010-4451 CVE-2010-4466 CVE-2010-4470 CVE-2010-4471 CVE-2010-4476 CVE-2010-4447 CVE-2010-4475 CVE-2010-4468 CVE-2010-4450 CVE-2010-4448 CVE-2010-4472 CVE-2010-4474

Solution

Update the affected java-1_6_0-sun packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=672449

https://lists.opensuse.org/opensuse-updates/2011-02/msg00014.html

Plugin Details

Severity: Critical

ID: 53736

File Name: suse_11_2_java-1_6_0-sun-110217.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2011/05/05

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 9.5

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_6_0-sun, p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa, p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo, p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel, p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc, p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin, p-cpe:/a:novell:opensuse:java-1_6_0-sun-src, cpe:/o:novell:opensuse:11.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/02/17

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Applet2ClassLoader Remote Code Execution)

Reference Information

CVE: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476