[Emerging-Sigs] Sig: ET POLICY Vulnerable Java Version 1.6.x Detected

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Oct 24 09:42:04 EDT 2011


Sigh….

I assume then no objections to upping the rev we're looking for in these?

Doing so if no screaming. Thanks Chris!!

Matt


On Oct 24, 2011, at 9:36 AM, Chris Wakelin wrote:

> Looks like _27 is vulnerable too:
> 
> http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#AppendixJAVA
> 
> Has anybody seen exploits?
> 
> Chris
> 
> On 27/09/11 21:39, Matthew Jonkman wrote:
>> We had updated to _26 after seeing exploits in the wild targeting it, and then the 0-day reports. 
>> 
>> Matt
>> 
>> 
>> On Sep 27, 2011, at 12:36 PM, Marcos Orallo wrote:
>> 
>>> Hi,
>>> 
>>> On 26/09/2011 21:51, Hermano Pereira wrote:
>>>> 
>>>> Bug Fixes
>>>> 
>>>> Java SE 6u27 does not add any fixes for security vulnerabilities beyond
>>>> those in Java SE 6u26. Users who have Java SE 6u26 have the latest
>>>> security fixes and do not need to upgrade to this release to be current
>>>> on security fixes.
>>>> 
>>>> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html
>>>> 
>>>> -x-x-x-x-x-x-x-x-x
>>>> 
>>>> Java/1.6.0_26 = FP?
>>>> 
>>> 
>>> Actually there is an unpatched vulnerability in Java/1.6.0u26 and u27:
>>> 
>>> http://secunia.com/advisories/45173/
>>> 
>>> I don't know if the rule is made to take this into account though.
>>> 
>>> Regards,
>>> Marcos.
> 
> -- 
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
> Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094


----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------


