Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix)
High Nessus Plugin ID 64830
Synopsis
The remote Unix host contains a runtime environment that is affected by multiple vulnerabilities.
Description
The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. Such versions are potentially affected by the following security issues:
- A vulnerability in the JRE audio system may allow system properties to be accessed. (263408)
- A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409)
- An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to elevate privileges. (263428)
- A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. (263429)
- An integer overflow vulnerability with unpacking applets and Java Web Start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet to elevate privileges. (263488)
- An issue with parsing XML data may allow a remote client to create a denial of service condition. (263489)
- Non-current versions of the 'JNLPAppletLauncher' may be re-purposed with an untrusted Java applet to write arbitrary files. (263490)
Solution
Update to Sun Java JDK / JRE 6 Update 15, JDK / JRE 5.0 Update 20, SDK / JRE 1.4.2_22, or SDK / JRE 1.3.1_26 or later and remove, if necessary, any affected versions.