[Emerging-Sigs] Sig: ET POLICY Vulnerable Java Version 1.6.x Detected

Chris Wakelin c.d.wakelin at reading.ac.uk
Mon Oct 24 09:36:37 EDT 2011


Looks like _27 is vulnerable too:

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#AppendixJAVA

Has anybody seen exploits?

Chris

On 27/09/11 21:39, Matthew Jonkman wrote:
> We had updated to _26 after seeing exploits in the wild targeting it, and then the 0-day reports. 
> 
> Matt
> 
> 
> On Sep 27, 2011, at 12:36 PM, Marcos Orallo wrote:
> 
>> Hi,
>>
>> On 26/09/2011 21:51, Hermano Pereira wrote:
>>>
>>> Bug Fixes
>>>
>>> Java SE 6u27 does not add any fixes for security vulnerabilities beyond
>>> those in Java SE 6u26. Users who have Java SE 6u26 have the latest
>>> security fixes and do not need to upgrade to this release to be current
>>> on security fixes.
>>>
>>> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html
>>>
>>> -x-x-x-x-x-x-x-x-x
>>>
>>> Java/1.6.0_26 = FP?
>>>
>>
>> Actually there is an unpatched vulnerability in Java/1.6.0u26 and u27:
>>
>> http://secunia.com/advisories/45173/
>>
>> I don't know if the rule is made to take this into account though.
>>
>> Regards,
>> Marcos.

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094

