Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2007:003: Sun Java


Vulnerability Assessment Details

SUSE-SA:2007:003: Sun Java

Vulnerability Assessment Summary
Check for the version of the Sun Java package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2007:003 (Sun Java).


The SUN Java packages have been upgraded to fix security problems.

SUN Java was upgraded on all affected distributions:

- The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8.

- The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE
Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE
Linux 9.3, 10.0, 10.1 and openSUSE 10.2.

- The Java 1.5 version (also known as Java 5) to 1.5.0_10 for SUSE
Linux 9.3, 10.0, 10.1 and openSUSE 10.2.

While Sun does not publish the vulnerabilities fixed for this specific
update, it published the bugs fixed previously, text snippets verbatim
from the Mitre CVE DB:

CVE-2006-6731:Multiple buffer overflows in Sun Java Development
Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and
earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and
earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier
permit attackers to develop Java applets that read, write, or
execute local files, possibly related to (1) integer overflows in
the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster,
and awt_parseColorModel functions
(2) a stack overflow in
the Java_sun_awt_image_ImagingLib_lookupByteRaster function

and (3) improper handling of certain negative values in the
Java_sun_font_SunLayoutEngine_nativeLayout function.

CVE-2006-6736: Unspecified vulnerability in Sun Java Development Kit
(JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier,
Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x
versions, and SDK and JRE 1.3.1_18 and earlier permits attackers to
attackers to use untrusted applets to 'access data in other applets,'
aka 'The second issue.'

CVE-2006-6737: Unspecified vulnerability in Sun Java Development Kit
(JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier,
Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x
versions, and SDK and JRE 1.3.1_18 and earlier permits attackers to
use untrusted applets to 'access data in other applets,' aka 'The
first issue.'

CVE-2006-6745: Multiple unspecified vulnerabilities in Sun Java
Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update
7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12
and earlier 1.4.x versions, permit attackers to develop Java applets or
applications that are able to gain rights, related to serialization
in JRE.


Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2007_03_java.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Cables, Connectors


New Sealed Cisco SFP-10G-LR 10GBASE-LR SFP Plug-in Transceiver Module picture

New Sealed Cisco SFP-10G-LR 10GBASE-LR SFP Plug-in Transceiver Module

$15.00



ARISTA SFP-10G-SR 10GBASE-SR SFP+ Optical Transceiver ModuXVR-00001-02 Lot of 10 picture

ARISTA SFP-10G-SR 10GBASE-SR SFP+ Optical Transceiver ModuXVR-00001-02 Lot of 10

$65.35



NEW Genuine ARISTA SFP-10G-LR - 10GBASE-LR  XVR-10003-20 Transciever picture

NEW Genuine ARISTA SFP-10G-LR - 10GBASE-LR XVR-10003-20 Transciever

$49.99



1G/2.5G Dual Port Media Converter SFP, Gigabit SFP Repeater without Transceiver picture

1G/2.5G Dual Port Media Converter SFP, Gigabit SFP Repeater without Transceiver

$15.99



🔥🔥🔥Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver 10-2415-03 🔥🔥🔥 picture

🔥🔥🔥Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver 10-2415-03 🔥🔥🔥

$8.00



HP 10Gb SR SFP+ 10GBASE-SR 455885-001 10Gigabit Ethernet Transceiver 456096-001 picture

HP 10Gb SR SFP+ 10GBASE-SR 455885-001 10Gigabit Ethernet Transceiver 456096-001

$6.99



HP 560SFP+ Dual Port 10GB SFP+ Ethernet Adapter Intel X520-DA2 Card 669279-001 picture

HP 560SFP+ Dual Port 10GB SFP+ Ethernet Adapter Intel X520-DA2 Card 669279-001

$12.99



Mellanox Original MFM1T02A-SR 10GbE 10GBASE-SR SFP+ Transceiver picture

Mellanox Original MFM1T02A-SR 10GbE 10GBASE-SR SFP+ Transceiver

$9.00



For Cisco SFP-10G-T, Ubiquiti UF-RJ45-10G Transceiver, SFP+ to RJ45 10GBase-T picture

For Cisco SFP-10G-T, Ubiquiti UF-RJ45-10G Transceiver, SFP+ to RJ45 10GBase-T

$46.54



Cisco C3KX-NM-10G 10Gb SFP Network Module for 3750-X / 3560-X - NEW / SEALED picture

Cisco C3KX-NM-10G 10Gb SFP Network Module for 3750-X / 3560-X - NEW / SEALED

$63.74



Discussions

No Discussions have been posted on this vulnerability.