Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70570
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2356-1 (openjdk-6)
Summary:The remote host is missing an update to openjdk-6;announced via advisory DSA 2356-1.
Description:Summary:
The remote host is missing an update to openjdk-6
announced via advisory DSA 2356-1.

Vulnerability Insight:
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform:

CVE-2011-3389
The TLS implementation does not guard properly against certain
chosen-plaintext attacks when block ciphers are used in CBC
mode.

CVE-2011-3521
The CORBA implementation contains a deserialization
vulnerability in the IIOP implementation, allowing untrusted
Java code (such as applets) to elevate its privileges.

CVE-2011-3544
The Java scripting engine lacks necessary security manager
checks, allowing untrusted Java code (such as applets) to
elevate its privileges.

CVE-2011-3547
The skip() method in java.io.InputStream uses a shared buffer,
allowing untrusted Java code (such as applets) to access data
that is skipped by other code.

CVE-2011-3548
The java.awt.AWTKeyStroke class contains a flaw which allows
untrusted Java code (such as applets) to elevate its
privileges.

CVE-2011-3551
The Java2D C code contains an integer overflow which results
in a heap-based buffer overflow, potentially allowing
untrusted Java code (such as applets) to elevate its
privileges.

CVE-2011-3552
Malicious Java code can use up an excessive amount of UDP
ports, leading to a denial of service.

CVE-2011-3553
JAX-WS enables stack traces for certain server responses by
default, potentially leaking sensitive information.

CVE-2011-3554
JAR files in pack200 format are not properly checked for
errors, potentially leading to arbitrary code execution when
unpacking crafted pack200 files.

CVE-2011-3556
The RMI Registry server lacks access restrictions on certain
methods, allowing a remote client to execute arbitrary code.

CVE-2011-3557
The RMI Registry server fails to properly restrict privileges
of untrusted Java code, allowing RMI clients to elevate their
privileges on the RMI Registry server.

CVE-2011-3560
The com.sun.net.ssl.HttpsURLConnection class does not perform
proper security manager checks in the setSSLSocketFactory()
method, allowing untrusted Java code to bypass security policy
restrictions.

For the stable distribution (squeeze), this problem has been fixed in
version 6b18-1.8.10-0+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 6b23~
pre11-1.

Solution:
We recommend that you upgrade your openjdk-6 packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3389
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 49388
http://www.securityfocus.com/bid/49388
BugTraq ID: 49778
http://www.securityfocus.com/bid/49778
Cert/CC Advisory: TA12-010A
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
CERT/CC vulnerability note: VU#864643
http://www.kb.cert.org/vuls/id/864643
Debian Security Information: DSA-2398 (Google Search)
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02742
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBUX02730
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100710
HPdes Security Advisory: SSRT100740
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.insecure.cl/Beast-SSL.rar
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Microsoft Security Bulletin: MS12-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://osvdb.org/74829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1263-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-3521
BugTraq ID: 50215
http://www.securityfocus.com/bid/50215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13662
http://www.securitytracker.com/id?1026215
http://secunia.com/advisories/48308
XForce ISS Database: oracle-jre-deserialization-unspecified(70850)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70850
Common Vulnerability Exposure (CVE) ID: CVE-2011-3544
BugTraq ID: 50218
http://www.securityfocus.com/bid/50218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
XForce ISS Database: oracle-jre-scripting-unspecified(70849)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Common Vulnerability Exposure (CVE) ID: CVE-2011-3547
BugTraq ID: 50243
http://www.securityfocus.com/bid/50243
http://osvdb.org/76511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14339
http://www.redhat.com/support/errata/RHSA-2011-1478.html
XForce ISS Database: jre-networking-info-disclosure(70846)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70846
Common Vulnerability Exposure (CVE) ID: CVE-2011-3548
BugTraq ID: 50211
http://www.securityfocus.com/bid/50211
http://osvdb.org/76495
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14492
XForce ISS Database: jre-awt-unspecified(70845)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70845
Common Vulnerability Exposure (CVE) ID: CVE-2011-3551
BugTraq ID: 50224
http://www.securityfocus.com/bid/50224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14318
XForce ISS Database: oracle-jre-2d-unspecified(70842)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70842
Common Vulnerability Exposure (CVE) ID: CVE-2011-3552
BugTraq ID: 50248
http://www.securityfocus.com/bid/50248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14465
XForce ISS Database: oracle-jre-networking-unspecified(70841)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70841
Common Vulnerability Exposure (CVE) ID: CVE-2011-3553
BugTraq ID: 50246
http://www.securityfocus.com/bid/50246
http://osvdb.org/76512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311
XForce ISS Database: oracle-jre-jaxws-info-disc(70840)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70840
Common Vulnerability Exposure (CVE) ID: CVE-2011-3554
BugTraq ID: 50216
http://www.securityfocus.com/bid/50216
http://osvdb.org/76498
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14524
XForce ISS Database: oracle-java-jre-unspecified(70839)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70839
Common Vulnerability Exposure (CVE) ID: CVE-2011-3556
BugTraq ID: 50231
http://www.securityfocus.com/bid/50231
CERT/CC vulnerability note: VU#597809
https://www.kb.cert.org/vuls/id/597809
http://osvdb.org/76505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14316
XForce ISS Database: jre-rmi-unspecified(70837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70837
Common Vulnerability Exposure (CVE) ID: CVE-2011-3557
BugTraq ID: 50234
http://www.securityfocus.com/bid/50234
http://osvdb.org/76506
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
XForce ISS Database: oracle-jre-rmi-unspecified(70836)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
Common Vulnerability Exposure (CVE) ID: CVE-2011-3560
BugTraq ID: 50236
http://www.securityfocus.com/bid/50236
http://osvdb.org/76507
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14394
XForce ISS Database: oracle-jre-jsse-unspecified(70834)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70834
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.