Java and Red Hat Enterprise Linux

A security flaw was found in java-openjdk for Red Hat Enterprise Linux that makes it vulnerable to a man-in-the-middle attack. The vulnerability is in TLS/SSL, more precisely in the way session renegotiation is handled: an attacker can force an attacker's request to be processed as if it were the authenticated victim's request.

A security update was released (java-1.6.0-openjdk security update) which disables renegotiation in JSSE (Java Secure Socket Extension). Renegotiation can be re-enabled.
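A check an administrator might run after applying the update, added here as an example and not part of the original post: it scans JVM command lines for the JSSE system property that turns unsafe renegotiation back on. The property name `sun.security.ssl.allowUnsafeRenegotiation` comes from the JSSE documentation rather than from this post, and the process list is constructed sample data.

```python
import shlex

# JSSE system property that re-enables unsafe renegotiation.
# Taken from the JSSE documentation, not from the post itself.
PROP = "sun.security.ssl.allowUnsafeRenegotiation"

# JVM launcher options whose value is the next token.
TAKES_VALUE = {"-cp", "-classpath"}


def unsafe_renegotiation_enabled(cmdline):
    """Return True if this java command line sets PROP to true as a JVM option."""
    tokens = shlex.split(cmdline)[1:]  # drop the java executable itself
    value = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-jar" or not tok.startswith("-"):
            break  # jar or main class reached: the rest are application arguments
        if tok in TAKES_VALUE:
            i += 2  # skip the option and its value
            continue
        if tok.startswith("-D"):
            name, _, val = tok[2:].partition("=")
            if name == PROP:
                value = val  # assumption: a later -D overrides an earlier one
        i += 1
    # Compared case-insensitively so that "TRUE" is also reported.
    return value is not None and value.lower() == "true"


def audit(processes):
    """Return the sorted PIDs whose JVM has unsafe renegotiation re-enabled."""
    return sorted(pid for pid, cmd in processes.items()
                  if unsafe_renegotiation_enabled(cmd))


# Constructed sample: PID -> command line, as read from `ps` or /proc/<pid>/cmdline.
SAMPLE_PROCESSES = {
    101: "/usr/bin/java -Xmx512m -D" + PROP + "=true -jar app.jar",
    102: "/usr/bin/java -cp /opt/app/lib com.example.Main -D" + PROP + "=true",
    103: "/usr/bin/java -D" + PROP + "=true -D" + PROP + "=false -jar app.jar",
    104: "/usr/bin/java -jar app.jar",
}

if __name__ == "__main__":
    for pid in audit(SAMPLE_PROCESSES):
        print("PID %d: unsafe TLS renegotiation re-enabled" % pid)
```

PID 102 is not reported because the `-D` token follows the main class and is therefore an application argument, not a JVM property.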

The name assigned by the Common Vulnerabilities and Exposures project is CVE-2009-3555.

More details can be found in the link above, here and here.
