Executive Summary
Summary | |
---|---|
Title | New openjdk-6 packages fix arbitrary code execution |
Information | |||
---|---|---|---|
Name | DSA-1769 | First vendor Publication | 2009-04-11 |
Vendor | Debian | Last vendor Modification | 2009-04-11 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition (CVE-2006-2426). Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793). The LDAP server implementation (in com.sun.jndi.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition (CVE-2009-1093). The LDAP client implementation (in com.sun.jndi.ldap) allowed malicious LDAP servers to execute arbitrary code on the client (CVE-2009-1094). The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability (CVE-2009-1101). Several issues in Java Web Start have been addressed (CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098). The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. For the stable distribution (lenny), these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages. |
Original Source
Url : http://www.debian.org/security/2009/dsa-1769 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
11 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
11 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
11 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
11 % | CWE-20 | Improper Input Validation |
11 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10023 | |||
Oval ID: | oval:org.mitre.oval:def:10023 | ||
Title: | Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. | ||
Description: | Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0581 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10124 | |||
Oval ID: | oval:org.mitre.oval:def:10124 | ||
Title: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Description: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1095 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10152 | |||
Oval ID: | oval:org.mitre.oval:def:10152 | ||
Title: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
Description: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1101 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10609 | |||
Oval ID: | oval:org.mitre.oval:def:10609 | ||
Title: | Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | ||
Description: | Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2426 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11064 | |||
Oval ID: | oval:org.mitre.oval:def:11064 | ||
Title: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
Description: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1094 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11241 | |||
Oval ID: | oval:org.mitre.oval:def:11241 | ||
Title: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
Description: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1097 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11340 | |||
Oval ID: | oval:org.mitre.oval:def:11340 | ||
Title: | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | ||
Description: | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0793 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11343 | |||
Oval ID: | oval:org.mitre.oval:def:11343 | ||
Title: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
Description: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1093 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11780 | |||
Oval ID: | oval:org.mitre.oval:def:11780 | ||
Title: | Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||
Description: | Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0723 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13131 | |||
Oval ID: | oval:org.mitre.oval:def:13131 | ||
Title: | USN-744-1 -- lcms vulnerabilities | ||
Description: | Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges | ||
Family: | unix | Class: | patch |
Reference(s): | USN-744-1 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | lcms |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13310 | |||
Oval ID: | oval:org.mitre.oval:def:13310 | ||
Title: | USN-748-1 -- openjdk-6 vulnerabilities | ||
Description: | It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-748-1 CVE-2006-2426 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 | Version: | 5 |
Platform(s): | Ubuntu 8.10 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13469 | |||
Oval ID: | oval:org.mitre.oval:def:13469 | ||
Title: | DSA-1769-1 openjdk-6 -- several | ||
Description: | Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition, heap-based buffer overflows, potentially allowing arbitrary code execution, and a null-pointer dereference, leading to denial of service. The LDAP server implementation did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. For the stable distribution, these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1769-1 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13518 | |||
Oval ID: | oval:org.mitre.oval:def:13518 | ||
Title: | USN-1043-1 -- lcms vulnerability | ||
Description: | It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1043-1 CVE-2009-0793 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | lcms |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13591 | |||
Oval ID: | oval:org.mitre.oval:def:13591 | ||
Title: | DSA-1745-2 lcms -- several vulnerabilities | ||
Description: | This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch. For reference the original advisory text is below. Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny2. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch3. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1745-2 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | lcms |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13746 | |||
Oval ID: | oval:org.mitre.oval:def:13746 | ||
Title: | DSA-1745-1 lcms -- several vulnerabilities | ||
Description: | Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny1. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1745-1 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | lcms |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22595 | |||
Oval ID: | oval:org.mitre.oval:def:22595 | ||
Title: | ELSA-2009:0339: lcms security update (Moderate) | ||
Description: | Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0339-01 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | lcms |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29236 | |||
Oval ID: | oval:org.mitre.oval:def:29236 | ||
Title: | RHSA-2009:0339 -- lcms security update (Moderate) | ||
Description: | Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS) is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0339 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | lcms |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6008 | |||
Oval ID: | oval:org.mitre.oval:def:6008 | ||
Title: | Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated | ||
Description: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1098 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6288 | |||
Oval ID: | oval:org.mitre.oval:def:6288 | ||
Title: | Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System | ||
Description: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1097 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6412 | |||
Oval ID: | oval:org.mitre.oval:def:6412 | ||
Title: | Java Runtime Environment (JRE) HTTP Server Bug Lets Remote Users Deny Service | ||
Description: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1101 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6598 | |||
Oval ID: | oval:org.mitre.oval:def:6598 | ||
Title: | Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities | ||
Description: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1094 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6643 | |||
Oval ID: | oval:org.mitre.oval:def:6643 | ||
Title: | Java Runtime Environment Buffer Overflows in unpack200 Utility Lets Remote Users Execute Arbitrary Code | ||
Description: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1095 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6659 | |||
Oval ID: | oval:org.mitre.oval:def:6659 | ||
Title: | Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges | ||
Description: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1096 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6676 | |||
Oval ID: | oval:org.mitre.oval:def:6676 | ||
Title: | Java Runtime Environment LDAP Implementation Bugs Lets Remote Users Deny Service and Execute Arbitrary Code | ||
Description: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1093 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7412 | |||
Oval ID: | oval:org.mitre.oval:def:7412 | ||
Title: | DSA-1745 lcms -- several vulnerabilities | ||
Description: | Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1745 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | lcms |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8037 | |||
Oval ID: | oval:org.mitre.oval:def:8037 | ||
Title: | DSA-1769 openjdk-6 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793). The LDAP server implementation (in com.sun.jndi.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation (in com.sun.jndi.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1769 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8844 | |||
Oval ID: | oval:org.mitre.oval:def:8844 | ||
Title: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Description: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1096 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9742 | |||
Oval ID: | oval:org.mitre.oval:def:9742 | ||
Title: | Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. | ||
Description: | Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0733 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9956 | |||
Oval ID: | oval:org.mitre.oval:def:9956 | ||
Title: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
Description: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1098 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for java CESA-2009:0377 centos5 i386 File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl |
2011-01-14 | Name : Ubuntu Update for lcms vulnerability USN-1043-1 File : nvt/gb_ubuntu_USN_1043_1.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms) File : nvt/mdksa_2009_121_1.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm1.nasl |
2009-10-13 | Name : SLES10: Security update for liblcms File : nvt/sles10_liblcms.nasl |
2009-10-11 | Name : SLES11: Security update for lcms File : nvt/sles11_lcms.nasl |
2009-10-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm0.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK File : nvt/sles9p5050060.nasl |
2009-10-10 | Name : SLES9: Security update for liblcms File : nvt/sles9p5045880.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk) File : nvt/mdksa_2009_162.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1198 File : nvt/RHSA_2009_1198.nasl |
2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk) File : nvt/mdksa_2009_137.nasl |
2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:121 (lcms) File : nvt/mdksa_2009_121.nasl |
2009-06-05 | Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl |
2009-06-05 | Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl |
2009-06-01 | Name : HP-UX Update for Java HPSBUX02429 File : nvt/gb_hp_ux_HPSBUX02429.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1038 File : nvt/RHSA_2009_1038.nasl |
2009-05-11 | Name : Fedora Core 9 FEDORA-2009-3914 (lcms) File : nvt/fcore_2009_3914.nasl |
2009-05-11 | Name : Fedora Core 10 FEDORA-2009-3967 (lcms) File : nvt/fcore_2009_3967.nasl |
2009-04-23 | Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl |
2009-04-23 | Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win) File : nvt/gb_sun_java_jre_dos_vuln_win.nasl |
2009-04-20 | Name : Gentoo Security Advisory GLSA 200904-19 (littlecms) File : nvt/glsa_200904_19.nasl |
2009-04-15 | Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk) File : nvt/ovcesa2009_0377.nasl |
2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0377 File : nvt/RHSA_2009_0377.nasl |
2009-04-15 | Name : Fedora Core 9 FEDORA-2009-3425 (java-1.6.0-openjdk) File : nvt/fcore_2009_3425.nasl |
2009-04-15 | Name : Debian Security Advisory DSA 1769-1 (openjdk-6) File : nvt/deb_1769_1.nasl |
2009-04-15 | Name : Fedora Core 10 FEDORA-2009-3426 (java-1.6.0-openjdk) File : nvt/fcore_2009_3426.nasl |
2009-04-06 | Name : Ubuntu USN-748-1 (openjdk-6) File : nvt/ubuntu_748_1.nasl |
2009-04-06 | Name : Ubuntu USN-747-1 (icu) File : nvt/ubuntu_747_1.nasl |
2009-04-06 | Name : Ubuntu USN-746-1 (xine-lib) File : nvt/ubuntu_746_1.nasl |
2009-04-06 | Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6) File : nvt/suse_sa_2009_016.nasl |
2009-03-31 | Name : Debian Security Advisory DSA 1745-2 (lcms) File : nvt/deb_1745_2.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0392 File : nvt/RHSA_2009_0392.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0394 File : nvt/RHSA_2009_0394.nasl |
2009-03-31 | Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl |
2009-03-31 | Name : Debian Security Advisory DSA 1745-1 (lcms) File : nvt/deb_1745_1.nasl |
2009-03-31 | Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk) File : nvt/fcore_2009_3034.nasl |
2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2903 (lcms) File : nvt/fcore_2009_2903.nasl |
2009-03-31 | Name : Fedora Core 9 FEDORA-2009-2910 (lcms) File : nvt/fcore_2009_2910.nasl |
2009-03-31 | Name : Fedora Core 9 FEDORA-2009-2928 (lcms) File : nvt/fcore_2009_2928.nasl |
2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2970 (lcms) File : nvt/fcore_2009_2970.nasl |
2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2982 (java-1.6.0-openjdk) File : nvt/fcore_2009_2982.nasl |
2009-03-31 | Name : Fedora Core 9 FEDORA-2009-2983 (java-1.6.0-openjdk) File : nvt/fcore_2009_2983.nasl |
2009-03-20 | Name : RedHat Security Advisory RHSA-2009:0339 File : nvt/RHSA_2009_0339.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-083-01 lcms File : nvt/esoft_slk_ssa_2009_083_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56310 | Little CMS (lcms) cmsxform.c Image Handling Monochrome Profile Transformation... |
56309 | Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow |
56308 | Little CMS (lcms) Image File Handling Unspecified Overflow |
56307 | Little CMS (lcms) Image File Handling Memory Exhaustion DoS |
53172 | Sun Java JDK / JRE Lightweight HTTP Server Implementation JAX-WS Service Endp... |
53168 | Sun Java JDK / JRE GIF Image Handling Overflows |
53167 | Sun Java JDK / JRE Splash Screen PNG Image Handling Overflow |
53166 | Sun Java JDK / JRE unpack200 JAR File Pack200 Header Handling Multiple Overflows |
53165 | Sun Java JDK / JRE LDAP Implementation Serialized Data Unspecified Arbitrary ... |
53164 | Sun Java JDK / JRE LDAP Service LdapCtx Connection Persistence Remote DoS |
25561 | Sun Java JRE Font.createFont() Method Disk Space Saturation DoS Java JDK/JRE contains a flaw that may allow a remote denial of service. The issue is triggered when applets are permitted to create large temporary files using the Font.createFont method but are never removed, and will result in loss of availability for the platform. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-22 | IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-01 | multiple products PNG processing buffer overflow attempt RuleID : 43399 - Revision : 2 - Type : FILE-IMAGE |
2014-01-10 | Oracle Java GIF LZW minimum code size overflow attempt RuleID : 20239 - Revision : 6 - Type : FILE-JAVA |
2014-01-10 | Oracle Java Runtime Environment Pack200 Decompression Integer Overflow RuleID : 17522 - Revision : 12 - Type : FILE-JAVA |
2014-01-10 | multiple products PNG processing buffer overflow attempt RuleID : 16716 - Revision : 17 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0339.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090319_lcms_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
2011-01-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1043-1.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12361.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12422.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_lcms-090317.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_liblcms-6048.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_lcms-090309.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_lcms-090309.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-07-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO |
2009-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO |
2009-05-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-121.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3967.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3914.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2903.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-748-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-744-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3426.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2970.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2982.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-19.nasl - Type : ACT_GATHER_INFO |
2009-04-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3425.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3034.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-01.nasl - Type : ACT_GATHER_INFO |
2009-03-24 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2983.nasl - Type : ACT_GATHER_INFO |
2009-03-24 | Name : The remote openSUSE host is missing a security update. File : suse_liblcms-6049.nasl - Type : ACT_GATHER_INFO |
2009-03-24 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2910.nasl - Type : ACT_GATHER_INFO |
2009-03-24 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2928.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0339.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1745.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-1438.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:28:22 |