Test ID:	1.3.6.1.4.1.25623.1.0.61308
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0790
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0790. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) A vulnerability in the XML processing API was found. A remote attacker who caused malicious XML to be processed by an untrusted applet or application was able to elevate permissions to access URLs on a remote host. (CVE-2008-3106) A buffer overflow vulnerability was found in the font processing code. This allowed remote attackers to extend the permissions of an untrusted applet or application, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3108) Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities allowed an untrusted Java Web Start application to elevate its privileges, allowing it to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, that contain the IBM 1.5.0 SR8 Java release, which resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0790.html http://www.redhat.com/security/updates/classification/#critical Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3104 http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html BugTraq ID: 30140 http://www.securityfocus.com/bid/30140 Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and (Google Search) http://marc.info/?l=bugtraq&m=122331139823057&w=2 Bugtraq: 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (Google Search) http://www.securityfocus.com/archive/1/497041/100/0/threaded Cert/CC Advisory: TA08-193A http://www.us-cert.gov/cas/techalerts/TA08-193A.html http://security.gentoo.org/glsa/glsa-200911-02.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565 http://www.redhat.com/support/errata/RHSA-2008-0594.html http://www.redhat.com/support/errata/RHSA-2008-0595.html http://www.redhat.com/support/errata/RHSA-2008-0790.html http://www.redhat.com/support/errata/RHSA-2008-0906.html RedHat Security Advisories: RHSA-2008:0955 http://rhn.redhat.com/errata/RHSA-2008-0955.html http://www.redhat.com/support/errata/RHSA-2008-1043.html http://www.redhat.com/support/errata/RHSA-2008-1044.html http://www.redhat.com/support/errata/RHSA-2008-1045.html http://www.securitytracker.com/id?1020459 http://secunia.com/advisories/31010 http://secunia.com/advisories/31055 http://secunia.com/advisories/31269 http://secunia.com/advisories/31320 http://secunia.com/advisories/31497 http://secunia.com/advisories/31600 http://secunia.com/advisories/31736 http://secunia.com/advisories/32018 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://secunia.com/advisories/32436 http://secunia.com/advisories/32826 http://secunia.com/advisories/33194 http://secunia.com/advisories/33236 http://secunia.com/advisories/33237 http://secunia.com/advisories/33238 http://secunia.com/advisories/35065 http://secunia.com/advisories/37386 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1 SuSE Security Announcement: SUSE-SA:2008:042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html SuSE Security Announcement: SUSE-SA:2008:043 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html SuSE Security Announcement: SUSE-SA:2008:045 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html SuSE Security Announcement: SUSE-SR:2008:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://www.vupen.com/english/advisories/2008/2056/references http://www.vupen.com/english/advisories/2008/2740 XForce ISS Database: sun-jre-unspecified-security-bypass(43662) https://exchange.xforce.ibmcloud.com/vulnerabilities/43662 Common Vulnerability Exposure (CVE) ID: CVE-2008-3106 http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html BugTraq ID: 30143 http://www.securityfocus.com/bid/30143 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866 http://www.securitytracker.com/id?1020457 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1 XForce ISS Database: sun-jre-xml-unauth-access(43658) https://exchange.xforce.ibmcloud.com/vulnerabilities/43658 Common Vulnerability Exposure (CVE) ID: CVE-2008-3108 BugTraq ID: 30147 http://www.securityfocus.com/bid/30147 http://www.securitytracker.com/id?1020461 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1 XForce ISS Database: sun-jre-font-bo(43656) https://exchange.xforce.ibmcloud.com/vulnerabilities/43656 Common Vulnerability Exposure (CVE) ID: CVE-2008-3111 BugTraq ID: 30148 http://www.securityfocus.com/bid/30148 Bugtraq: 20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/494505/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-08-043/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541 http://www.securitytracker.com/id?1020452 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 XForce ISS Database: sun-javawebstart-unspecified-bo(43664) https://exchange.xforce.ibmcloud.com/vulnerabilities/43664 Common Vulnerability Exposure (CVE) ID: CVE-2008-3112 http://www.zerodayinitiative.com/advisories/ZDI-08-042/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102 XForce ISS Database: sun-javawebstart-file-create(43666) https://exchange.xforce.ibmcloud.com/vulnerabilities/43666 Common Vulnerability Exposure (CVE) ID: CVE-2008-3113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454 XForce ISS Database: sun-javawebstart-file-manipulation(43667) https://exchange.xforce.ibmcloud.com/vulnerabilities/43667 Common Vulnerability Exposure (CVE) ID: CVE-2008-3114 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755 XForce ISS Database: sun-javawebstart-cache-info-disclosure(43668) https://exchange.xforce.ibmcloud.com/vulnerabilities/43668 Common Vulnerability Exposure (CVE) ID: CVE-2008-3105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11274 XForce ISS Database: sun-jre-jaxws-unauth-access(43654) https://exchange.xforce.ibmcloud.com/vulnerabilities/43654 XForce ISS Database: sun-jre-xml-dos(43657) https://exchange.xforce.ibmcloud.com/vulnerabilities/43657
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.