Multiple security flaws have been discovered and fixed in the Java software package for the HP-UX 11.x operating system. A malicious user can exploit these flaws to disclose sensitive information, take control of a user's session, carry out DoS and "DNS cache poisoning" attacks, manipulate certain data, and compromise a vulnerable system.
Package:
java-1.7.0-openjdk
Operating systems:
HP-UX 11.x
Criticality:
10
Problem:
unspecified error, error in a program function, error in a program component
The security problems arise from multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component.
Consequence:
A remote attacker can exploit the flaws to affect the integrity, availability and confidentiality of data and to carry out denial-of-service (DoS) attacks.
Solution:
To protect themselves, users are advised to apply the appropriate software update.
HP-UX update for Java
Secunia Advisory SA49198
Release Date 2012-05-16
Criticality level Highly critical
Impact Hijacking
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access
Where From remote
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
HP-UX 11.x
CVE Reference(s) CVE-2010-4447
CVE-2010-4448
CVE-2010-4454
CVE-2010-4462
CVE-2010-4465
CVE-2010-4469
CVE-2010-4473
CVE-2010-4475
CVE-2010-4476
CVE-2011-0802
CVE-2011-0814
CVE-2011-0815
CVE-2011-0862
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0871
CVE-2011-3389
CVE-2011-3545
CVE-2011-3547
CVE-2011-3548
CVE-2011-3549
CVE-2011-3552
CVE-2011-3556
CVE-2011-3557
CVE-2011-3560
CVE-2011-3563
CVE-2012-0499
CVE-2012-0502
CVE-2012-0503
CVE-2012-0505
CVE-2012-0506
Description
HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
For more information:
SA43262
SA44784
SA46512
SA48009
The vulnerabilities are reported in versions B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 1.4.2.27 and prior.
Solution
Update to HP JDK and JRE version 1.4.2.28.