|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200702-07] Sun JDK/JRE: Execution of arbitrary code Vulnerability Scan
Vulnerability Scan Summary Sun JDK/JRE: Execution of arbitrary code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200702-07
(Sun JDK/JRE: Execution of arbitrary code)
A anonymous researcher discovered that an error in the handling of a
GIF image with a zero width field block leads to a memory corruption
flaw.
Impact
A possible hacker could entice a user to run a specially crafted Java applet
or application that would load a crafted GIF image, which could result
in escalation of rights and unauthorized access to system
resources.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2007-0243
Solution:
All Sun Java Development Kit 1.5 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.5.0.10"
All Sun Java Development Kit 1.4 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose "=dev-java/sun-jdk-1.4.2*"
All Sun Java Runtime Environment 1.5 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.5.0.10"
All Sun Java Runtime Environment 1.4 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose "=dev-java/sun-jre-bin-1.4.2*"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|