Detalji

U radu programskog paketa Oracle JRE (eng. Java Runtime Environment) otkriveni su višestruki sigurnosni propusti. Riječ je o paketu koji sadrži razvojno i radno okružje za aplikacije pisane programskim jezikom Java. Propusti su posljedica pogrešaka u brojnim programskim komponentama, kao npr. HotSpot Server, Java Web Start, Java Plug-in, Java Runtime Environment, itd. Uspješna zlouporaba tih propusta napadaču omogućuje zaobilaženje postavljenih sigurnosnih ograničenja, DoS napad, otkrivanje i upravljanje proizvoljnim podacima. Za detalje o svim propustima savjetuje se pregled izvorne preporuke. Korisnicima se preporuča instalacija nadogradnje.

VMware vCenter / ESX Server Update for Oracle (Sun) JRE
Secunia Advisory 	SA43308 	
Release Date 	2011-02-11
Criticality level 	Highly criticalHighly critical
Impact 	Unknown
Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
DoS
System access
Where 	From remote
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Operating System	
	VMware ESX Server 4.x

Software:	
	VMware vCenter Server 4.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2009-3555 CVSS available in Customer Area
CVE-2010-0082 CVSS available in Customer Area
CVE-2010-0084 CVSS available in Customer Area
CVE-2010-0085 CVSS available in Customer Area
CVE-2010-0087 CVSS available in Customer Area
CVE-2010-0088 CVSS available in Customer Area
CVE-2010-0089 CVSS available in Customer Area
CVE-2010-0090 CVSS available in Customer Area
CVE-2010-0091 CVSS available in Customer Area
CVE-2010-0092 CVSS available in Customer Area
CVE-2010-0093 CVSS available in Customer Area
CVE-2010-0094 CVSS available in Customer Area
CVE-2010-0095 CVSS available in Customer Area
CVE-2010-0837 CVSS available in Customer Area
CVE-2010-0838 CVSS available in Customer Area
CVE-2010-0839 CVSS available in Customer Area
CVE-2010-0840 CVSS available in Customer Area
CVE-2010-0841 CVSS available in Customer Area
CVE-2010-0842 CVSS available in Customer Area
CVE-2010-0843 CVSS available in Customer Area
CVE-2010-0844 CVSS available in Customer Area
CVE-2010-0845 CVSS available in Customer Area
CVE-2010-0846 CVSS available in Customer Area
CVE-2010-0847 CVSS available in Customer Area
CVE-2010-0848 CVSS available in Customer Area
CVE-2010-0849 CVSS available in Customer Area
CVE-2010-0850 CVSS available in Customer Area
	   	

Description

VMware has issued an update for the Oracle (Sun) JRE. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

For more information:
SA37255

Solution
Update to a fixed version or apply patches.
Further details available in Customer Area
Original Advisory
VMSA-2011-0003:
http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Idi na vrh