SuSE 11.2 安全更新:Java(SAT 修补程序编号 7454)

critical Nessus 插件 ID 65246
全新!插件严重性现在使用 CVSS v3

计算的插件严重性默认已更新为使用 CVSS v3。没有 CVSS v3 分数的插件将回退到 CVSS v2 来计算严重性。可以在设置下拉列表中切换严重性显示首选项。

简介

远程 SuSE 11 主机缺少一个或多个安全更新。

描述

IBM Java 7 已更新到 SR4,修复了各种危急的安全问题和缺陷。

有关更多信息,请参阅“IBM JDK 警报”页面:

http://www.ibm.com/developerworks/java/jdk/alerts/

修复的安全问题:

- / CVE-2012-3174。(CVE-2013-1487 / CVE-2013-1486 / CVE-2013-1478 / CVE-2013-0445 / CVE-2013-1480 / CVE-2013-0441 / CVE-2013-1476 / CVE-2012-1541 / CVE-2013-0446 / CVE-2012-3342 / CVE-2013-0442 / CVE-2013-0450 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2012-3213 / CVE-2013-0419 / CVE-2013-0423 / CVE-2013-0351 / CVE-2013-0432 / CVE-2013-1473 / CVE-2013-0435 / CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 / CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440 / CVE-2013-0438 / CVE-2013-0443 / CVE-2013-1484 / CVE-2013-1485 / CVE-2013-0437 / CVE-2013-0444 / CVE-2013-0449 / CVE-2013-0431 / CVE-2013-0422)

解决方案

请应用 SAT 修补程序编号 7454。

另见

https://bugzilla.novell.com/show_bug.cgi?id=798535

http://support.novell.com/security/cve/CVE-2012-1541.html

http://support.novell.com/security/cve/CVE-2012-3174.html

http://support.novell.com/security/cve/CVE-2012-3213.html

http://support.novell.com/security/cve/CVE-2012-3342.html

http://support.novell.com/security/cve/CVE-2013-0351.html

http://support.novell.com/security/cve/CVE-2013-0409.html

http://support.novell.com/security/cve/CVE-2013-0419.html

http://support.novell.com/security/cve/CVE-2013-0422.html

http://support.novell.com/security/cve/CVE-2013-0423.html

http://support.novell.com/security/cve/CVE-2013-0424.html

http://support.novell.com/security/cve/CVE-2013-0425.html

http://support.novell.com/security/cve/CVE-2013-0426.html

http://support.novell.com/security/cve/CVE-2013-0427.html

http://support.novell.com/security/cve/CVE-2013-0428.html

http://support.novell.com/security/cve/CVE-2013-0431.html

http://support.novell.com/security/cve/CVE-2013-0432.html

http://support.novell.com/security/cve/CVE-2013-0433.html

http://support.novell.com/security/cve/CVE-2013-0434.html

http://support.novell.com/security/cve/CVE-2013-0435.html

http://support.novell.com/security/cve/CVE-2013-0437.html

http://support.novell.com/security/cve/CVE-2013-0438.html

http://support.novell.com/security/cve/CVE-2013-0440.html

http://support.novell.com/security/cve/CVE-2013-0441.html

http://support.novell.com/security/cve/CVE-2013-0442.html

http://support.novell.com/security/cve/CVE-2013-0443.html

http://support.novell.com/security/cve/CVE-2013-0444.html

http://support.novell.com/security/cve/CVE-2013-0445.html

http://support.novell.com/security/cve/CVE-2013-0446.html

http://support.novell.com/security/cve/CVE-2013-0449.html

http://support.novell.com/security/cve/CVE-2013-0450.html

http://support.novell.com/security/cve/CVE-2013-1473.html

http://support.novell.com/security/cve/CVE-2013-1476.html

http://support.novell.com/security/cve/CVE-2013-1478.html

http://support.novell.com/security/cve/CVE-2013-1480.html

http://support.novell.com/security/cve/CVE-2013-1484.html

http://support.novell.com/security/cve/CVE-2013-1485.html

http://support.novell.com/security/cve/CVE-2013-1486.html

http://support.novell.com/security/cve/CVE-2013-1487.html

插件详情

严重性: Critical

ID: 65246

文件名: suse_11_java-1_7_0-ibm-130306.nasl

版本: 1.9

类型: local

代理: unix

发布时间: 2013/3/13

最近更新时间: 2021/1/19

依存关系: ssh_get_info.nasl

风险信息

VPR

风险因素: Critical

分数: 9.8

CVSS v2

风险因素: Critical

基本分数: 10

矢量: AV:N/AC:L/Au:N/C:C/I:C/A:C

漏洞信息

CPE: p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm, p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-alsa, p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-jdbc, p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-plugin, cpe:/o:novell:suse_linux:11

必需的 KB 项: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

可利用: true

易利用性: Exploits are available

补丁发布日期: 2013/3/6

可利用的方式

CANVAS (CANVAS)

Core Impact

Metasploit (Java Applet JMX Remote Code Execution)

参考资料信息

CVE: CVE-2012-1541, CVE-2012-3174, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487