Detections
Analytics

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)

high Nessus Plugin ID 42923

Synopsis

The remote openSUSE host is missing a security update.

Description

New icedtea update to fix :

 - ICC_Profile file existence detection information leak;
 CVE-2009-3728: CVSS v2 Base Score: 5.0

 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0

 - resurrected classloaders can still have children;
 CVE-2009-3881: CVSS v2 Base Score: 7.5

 - Numerous static security flaws in Swing; CVE-2009-3882:
 CVSS v2 Base Score: 7.5

 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5

 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0

 - GraphicsConfiguration information leak; CVE-2009-3879:
 CVSS v2 Base Score: 7.5

 - zoneinfo file existence information leak; CVE-2009-3884:
 CVSS v2 Base Score: 5.0

 - deprecate MD2 in SSL cert validation; CVE-2009-2409:
 CVSS v2 Base Score: 6.4

 - JPEG Image Writer quantization problem; CVE-2009-3873:
 CVSS v2 Base Score: 9.3

 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0

 - OpenJDK ASN.1/DER input stream parser denial of service;
 CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0

 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3

 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3

 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3

Solution

Update the affected java-1_6_0-openjdk packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=554069

Plugin Details

Severity: High

ID: 42923

File Name: suse_11_1_java-1_6_0-openjdk-091125.nasl

Version: 1.14

Type: local

Agent: unix

Published: 11/30/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:java-1_6_0-openjdk, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin, cpe:/o:novell:opensuse:11.1, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src, p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/25/2009

Exploitable With

Core Impact

Metasploit (Sun Java JRE AWT setDiffICM Buffer Overflow)

Reference Information

CVE: CVE-2009-2409, CVE-2009-3728, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3885

CWE: 119, 189, 200, 22, 264, 310, 399