HP-UX Remote Privilege Escalation and Denial of Service Vulnerabilities

Summary

Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.

Credit:

The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01997760


Details

Vulnerable Systems:
 * HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.05 or earlier
 * HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.18 or earlier
 * HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.23 or earlier

These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).

Patch Availability:
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:
http://www.hp.com/go/java

HP-UX B.11.31
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP-UX B.11.23
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP-UX B.11.11
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

MANUAL ACTIONS: Yes – Update
For Java v6.0.05 and earlier, update to Java v6.0.06 or subsequent
For Java v5.0.18 and earlier, update to Java v5.0.19 or subsequent
For Java v1.4.2.23 and earlier, update to Java v1.4.2.24 or subsequent

Jre14.JRE14-COM
Jre14.JRE14-PA11
Jre14.JRE14-PA11-HS
Jre14.JRE14-PA20
Jre14.JRE14-PA20-HS
Jre14.JRE14-PA20W
Jre14.JRE14-PA20W-HS
Jre14.JRE14-IPF32
Jre14.JRE14-IPF32-HS
Jre14.JRE14-IPF64
Jre14.JRE14-IPF64-HS
Jdk14.JDK14-COM
Jdk14.JDK14-IPF32
Jdk14.JDK14-IPF64
Jdk14.JDK14-PA11
Jdk14.JDK14-PA20
Jdk14.JDK14-PA20W
action: install revision 1.4.2.24.00 or subsequent

Jre15.JRE15-COM
Jre15.JRE15-PA20
Jre15.JRE15-PA20-HS
Jre15.JRE15-PA20W
Jre15.JRE15-PA20W-HS
Jre15.JRE15-IPF32
Jre15.JRE15-IPF32-HS
Jre15.JRE15-IPF64
Jre15.JRE15-IPF64-HS
Jdk15.JDK15-PA20
Jdk15.JDK15-PA20W
Jdk15.JDK15-COM
Jdk15.JDK15-IPF32
Jdk15.JDK15-IPF64
action: install revision 1.5.0.19.00 or subsequent

Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
action: install revision 1.6.0.06.00 or subsequent
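
The following check is an added example, not part of the original HP bulletin: it compares installed Java fileset revisions against the fixed revisions listed above. It assumes input lines of the form "Product.Fileset revision [description]", as printed by `swlist -l fileset`; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Java filesets below the fixed revisions in this advisory.
# Reads "Product.Fileset revision [description]" lines on stdin; this layout is
# an assumption modelled on `swlist -l fileset` output. Lines with # are skipped.
check_java_filesets() {
    awk '
    BEGIN {  # fixed revisions from the advisory, keyed by product tag
        fixed["Jre14"] = fixed["Jdk14"] = "1.4.2.24.00"
        fixed["Jre15"] = fixed["Jdk15"] = "1.5.0.19.00"
        fixed["Jre60"] = fixed["Jdk60"] = "1.6.0.06.00"
    }
    # Returns 1 when dotted revision a is lower than b (numeric, field by field).
    function older(a, b,    x, y, n, m, k, i) {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if ((x[i] + 0) < (y[i] + 0)) return 1
            if ((x[i] + 0) > (y[i] + 0)) return 0
        }
        return 0
    }
    /^[ \t]*#/ || NF < 2 { next }
    {
        split($1, tag, ".")
        if (!(tag[1] in fixed)) next          # not a Java product from the list
        if (older($2, fixed[tag[1]])) {
            print "VULNERABLE " $1 " " $2 " (need " fixed[tag[1]] " or subsequent)"
            bad = 1
        }
    }
    END { exit bad + 0 }                      # exit status 1 if anything is flagged
    '
}

# Constructed sample inventory (not captured from a real system).
sample_swlist() {
    cat <<'EOF'
# Constructed sample
  Jre15.JRE15-COM      1.5.0.18.00   sample description
  Jdk60.JDK60-COM      1.6.0.06.00   sample description
  Jre14.JRE14-PA20     1.4.2.23.00   sample description
  Jre60.JRE60-IPF64    1.6.0.07.00   sample description
  OS-Core.CORE-KRN     B.11.31       sample description
EOF
}

# On an HP-UX host: swlist -l fileset | check_java_filesets
sample_swlist | check_java_filesets || echo "Update required"
```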

CVE Information:
CVE-2009-3867
CVE-2009-3868
CVE-2009-3869
CVE-2009-3871
CVE-2009-3872
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877

Disclosure Timeline:
Release Date: 2010-02-08

Categories: UNIX