Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64

Critical Nessus Plugin ID 62071


The remote Scientific Linux host is missing one or more security updates.


These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability.
Successful exploits can impact the availability, integrity, and confidentiality of the user's system.

In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 'in the wild,' we strongly recommend that you apply the updates as soon as possible.


Update the affected java-1.6.0-sun-compat and / or jdk packages.

See Also

Plugin Details

Severity: Critical

ID: 62071

File Name: sl_20120904_java_1_6_0_sun_on_SL5_x.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2012/09/13

Modified: 2013/11/18

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/09/04

Exploitable With


Core Impact

Metasploit (Java 7 Applet Remote Code Execution)

Reference Information

CVE: CVE-2012-4681