Network Security

AERAsec
Network Security
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes there take effect immediately, in particular regarding which patches should be installed or which configuration changes should be made to avoid the vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that doesn't mean this particular platform or program is safe to use!

Chosen message with ID ae-201207-048

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in java-1.4.2-ibm-sap and sudo
Links: RHSA-2012-1080, CVE-2011-3563, CVE-2012-0499, CVE-2009-0502, CVE-2012-0503, CVE-2009-0505, CVE-2012-0506, ESB-2012.0679,
RHSA-2012-1081, CVE-2012-2337, ESB-2012.0680
ID: ae-201207-048

An update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Exploiting the vulnerabilities might lead to, for example, Denial-of-Service (DoS), unauthorized access, or modification of arbitrary files. User interaction is necessary to exploit them.
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handles multiple IP networks listed in user specification configuration directives. A user who is authorized to run commands with sudo on specific hosts could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. An updated package addresses this issue.
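
To see which rules rely on the construct described above, the following added example (not part of the advisory and not sudo project code) lists user specifications whose host list resolves to two or more IP networks, so they can be reviewed until the updated package is installed. The sample policy is constructed, and the parsing is simplified: it assumes one alias definition per line, no include files, and reads only the first host list of each rule.

```python
import ipaddress
import re

# Constructed sample sudoers content for the demonstration.
SAMPLE = """\
Host_Alias LABNETS = 10.1.0.0/16, \\
                     192.168.10.0/255.255.255.0
Defaults secure_path = /usr/sbin:/usr/bin
alice LABNETS = /usr/bin/systemctl restart httpd
bob 10.2.3.0/24, 2001:db8::/32 = (root) /usr/sbin/tcpdump
carol web01, 10.5.0.0/24 = /bin/ls
"""
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Cmnd_Alias")

def is_network(item):
    """True for an IP network written as addr/bits or addr/netmask."""
    try:
        ipaddress.ip_network(item.lstrip("!"), strict=False)
    except ValueError:
        return False
    return "/" in item  # a bare address is a single host, not a network

def expand(item, aliases, depth=0):
    """Resolve Host_Alias names to their members (bounded recursion)."""
    if item in aliases and depth < 8:
        return [h for m in aliases[item] for h in expand(m, aliases, depth + 1)]
    return [item]

def audit(text):
    """Return (user_list, networks) for every user specification whose
    host list resolves to two or more IP networks."""
    aliases, specs, findings = {}, [], []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if "=" not in line or line.startswith(SKIP):
            continue
        lhs, rhs = line.split("=", 1)
        parts = re.sub(r"\s*,\s*", ",", lhs.strip()).split()
        if len(parts) == 2 and parts[0] == "Host_Alias":
            aliases[parts[1]] = [h.strip() for h in rhs.split(",")]
        elif len(parts) == 2:  # "<user list> <host list>"
            specs.append((parts[0], parts[1].split(",")))
    for who, hosts in specs:
        nets = [h for i in hosts for h in expand(i, aliases) if is_network(h)]
        if len(nets) >= 2:
            findings.append((who, nets))
    return findings

if __name__ == "__main__": print(audit(SAMPLE))
```

A rule appearing in the output only means it uses multiple IP networks in its host list; whether the installed sudo is affected is determined by the package version named in the linked advisory.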



(c) 2000-2013 AERAsec Network Services and Security GmbH