SuSE 11.1 Security Update : Sun Java 1.6 (SAT Patch Number 3976)

critical Nessus Plugin ID 52067

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues.

The update is rated critical by Sun.

The following CVEs were addressed :

CVE-2010-4452 / CVE-2010-4454 / CVE-2010-4462 / CVE-2010-4463 / CVE-2010-4465 / CVE-2010-4467 / CVE-2010-4469 / CVE-2010-4473 / CVE-2010-4422 / CVE-2010-4451 / CVE-2010-4466 / CVE-2010-4470 / CVE-2010-4471 / CVE-2010-4476 / CVE-2010-4447 / CVE-2010-4475 / CVE-2010-4468 / CVE-2010-4450 / CVE-2010-4448 / CVE-2010-4472 / CVE-2010-4474

Solution

Apply SAT patch number 3976.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=672449

http://support.novell.com/security/cve/CVE-2010-4422.html

http://support.novell.com/security/cve/CVE-2010-4447.html

http://support.novell.com/security/cve/CVE-2010-4448.html

http://support.novell.com/security/cve/CVE-2010-4450.html

http://support.novell.com/security/cve/CVE-2010-4451.html

http://support.novell.com/security/cve/CVE-2010-4452.html

http://support.novell.com/security/cve/CVE-2010-4454.html

http://support.novell.com/security/cve/CVE-2010-4462.html

http://support.novell.com/security/cve/CVE-2010-4463.html

http://support.novell.com/security/cve/CVE-2010-4465.html

http://support.novell.com/security/cve/CVE-2010-4466.html

http://support.novell.com/security/cve/CVE-2010-4467.html

http://support.novell.com/security/cve/CVE-2010-4468.html

http://support.novell.com/security/cve/CVE-2010-4469.html

http://support.novell.com/security/cve/CVE-2010-4470.html

http://support.novell.com/security/cve/CVE-2010-4471.html

http://support.novell.com/security/cve/CVE-2010-4472.html

http://support.novell.com/security/cve/CVE-2010-4473.html

http://support.novell.com/security/cve/CVE-2010-4474.html

http://support.novell.com/security/cve/CVE-2010-4475.html

http://support.novell.com/security/cve/CVE-2010-4476.html

Plugin Details

Severity: Critical

ID: 52067

File Name: suse_11_java-1_6_0-sun-110217.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2/23/2011

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo, p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin, p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src, p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc, p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/17/2011

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Applet2ClassLoader Remote Code Execution)

Reference Information

CVE: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476