Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.843361 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu Update for openjdk-8 USN-3473-1 |
Summary: | The remote host is missing an update for the 'openjdk-8'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'openjdk-8' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. (CVE-2017-10274) Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10281) It was discovered that the Remote Method Invocation (RMI) component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10285) It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. (CVE-2017-10295) Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects from Java Cryptography Extension KeyStore (JCEKS). An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10345) It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10346) Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10347) It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10348, CVE-2017-10357) It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-10349) It was discovered that the JAX-WS component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker ... Description truncated, for more information please check the Reference URL Affected Software/OS: openjdk-8 on Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-10274 Common Vulnerability Exposure (CVE) ID: CVE-2017-10281 Common Vulnerability Exposure (CVE) ID: CVE-2017-10285 Common Vulnerability Exposure (CVE) ID: CVE-2017-10295 Common Vulnerability Exposure (CVE) ID: CVE-2017-10345 Common Vulnerability Exposure (CVE) ID: CVE-2017-10346 Common Vulnerability Exposure (CVE) ID: CVE-2017-10347 Common Vulnerability Exposure (CVE) ID: CVE-2017-10348 Common Vulnerability Exposure (CVE) ID: CVE-2017-10357 Common Vulnerability Exposure (CVE) ID: CVE-2017-10349 Common Vulnerability Exposure (CVE) ID: CVE-2017-10350 Common Vulnerability Exposure (CVE) ID: CVE-2017-10355 Common Vulnerability Exposure (CVE) ID: CVE-2017-10356 Common Vulnerability Exposure (CVE) ID: CVE-2017-10388 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |