Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)
Critical Nessus Plugin ID 64829
Synopsis
The remote Unix host contains a runtime environment that is affected by multiple vulnerabilities.
Description
The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues:
- A denial of service vulnerability affects the JRE LDAP implementation. (254569)
- A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)
- There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack200' utility.
- There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)
- A privilege escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)
- An issue in the Java Plug-in's parsing of 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.
- The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)
- The JRE Virtual Machine is affected by a privilege escalation vulnerability. (254610)
- There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.
- There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)
- A denial of service vulnerability affects the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)
Solution
Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18, SDK / JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if necessary, any affected versions.