Detections
Analytics
RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)
critical Nessus Plugin ID 40731
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.This update has been rated as having critical security impact by the Red Hat Security Response Team.
The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.
A vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086)
Additionally, these packages fix several other critical vulnerabilities. These are summarized in the 'Advance notification of Security Updates for Java SE' from Sun Microsystems.
Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/cve-2008-2086
https://access.redhat.com/security/cve/cve-2008-5339
https://access.redhat.com/security/cve/cve-2008-5340
https://access.redhat.com/security/cve/cve-2008-5341
https://access.redhat.com/security/cve/cve-2008-5342
https://access.redhat.com/security/cve/cve-2008-5354
https://access.redhat.com/security/cve/cve-2008-5356
https://access.redhat.com/security/cve/cve-2008-5357
https://access.redhat.com/security/cve/cve-2008-5358
https://access.redhat.com/security/cve/cve-2008-5359
https://access.redhat.com/security/cve/cve-2008-5360
http://www.nessus.org/u?c8d7aabf
https://access.redhat.com/errata/RHSA-2008:1018
https://access.redhat.com/security/cve/cve-2008-5343
https://access.redhat.com/security/cve/cve-2008-5344
https://access.redhat.com/security/cve/cve-2008-5345
https://access.redhat.com/security/cve/cve-2008-5347
https://access.redhat.com/security/cve/cve-2008-5348
https://access.redhat.com/security/cve/cve-2008-5349
https://access.redhat.com/security/cve/cve-2008-5350
https://access.redhat.com/security/cve/cve-2008-5351
Plugin Details
Severity: Critical
ID: 40731
File Name: redhat-RHSA-2008-1018.nasl
Version: 1.31
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 8/24/2009
Updated: 1/14/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src, cpe:/o:redhat:enterprise_linux:4, cpe:/o:redhat:enterprise_linux:4.7, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.2
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/4/2008
Vulnerability Publication Date: 12/4/2008
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Sun Java Calendar Deserialization Privilege Escalation)
Reference Information
CVE: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360