
Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2224-1 (openjdk-6)
Summary: The remote host is missing an update to openjdk-6, announced via advisory DSA 2224-1.

Vulnerability Insight:
Several security vulnerabilities were discovered in OpenJDK, an
implementation of the Java platform.

The JNLP SecurityManager returns from the checkPermission method
instead of throwing an exception in certain circumstances, which
might allow context-dependent attackers to bypass the intended
security policy by creating instances of ClassLoader.

Malicious applets can perform DNS cache poisoning.

An empty (but set) LD_LIBRARY_PATH environment variable results in
a misconstructed library search path, resulting in code execution
from possibly untrusted sources.

Malicious applets can extend their privileges by abusing Swing

The Hotspot just-in-time compiler miscompiles crafted byte
sequences, resulting in heap corruption.

JAXP can be exploited by untrusted code to elevate privileges.

Java2D can be exploited by untrusted code to elevate privileges.

Untrusted code can replace the XML DSIG implementation.

Signatures on JAR files are not properly verified, which allows
remote attackers to trick users into executing code that appears
to come from a trusted source.

The JNLPClassLoader class allows remote attackers to gain
privileges via unknown vectors related to multiple signers and the
assignment of an inappropriate security descriptor.

In addition, this security update contains stability fixes, such as
switching to the recommended Hotspot version (hs14) for this
particular version of OpenJDK.

For the oldstable distribution (lenny), these problems have been fixed in
version 6b18-1.8.7-2~

For the stable distribution (squeeze), these problems have been fixed in
version 6b18-1.8.7-2~

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.8.7-1.

We recommend that you upgrade your openjdk-6 packages.

CVSS Score:

CVSS Vector:

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4351
BugTraq ID: 45894
Debian Security Information: DSA-2224
XForce ISS Database: icedtea-jnlp-code-execution(64893)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4448
HPdes Security Advisory: HPSBMU02797
HPdes Security Advisory: HPSBMU02799
HPdes Security Advisory: HPSBUX02777
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
SuSE Security Announcement: SUSE-SA:2011:024
SuSE Security Announcement: SUSE-SU-2011:0823
Common Vulnerability Exposure (CVE) ID: CVE-2010-4450
BugTraq ID: 46397
XForce ISS Database: oracle-java-launcher-code-exec(65406)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4465
Common Vulnerability Exposure (CVE) ID: CVE-2010-4469
BugTraq ID: 46400
XForce ISS Database: oracle-hotspot-code-exec(65399)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4470
BugTraq ID: 46387
XForce ISS Database: oracle-runtime-dos(65404)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4471
BugTraq ID: 46399
XForce ISS Database: oracle-runtime-information-disclosure(65405)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4472
BugTraq ID: 46404
XForce ISS Database: oracle-java-xml-dos(65411)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0025
BugTraq ID: 46110;node=3bd328e4b515
XForce ISS Database: icedtea-jar-security-bypass(65151)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0706
BugTraq ID: 46439
XForce ISS Database: icedtea-jnlpclassloader-priv-esc(65534)
Copyright: Copyright (c) 2011 E-Soft Inc.
