Package        : openjdk-7
Version        : 7u171-2.6.13-1~deb7u1
CVE ID         : CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602
                 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633
                 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663
                 CVE-2018-2677 CVE-2018-2678
Debian Bug     : 891330

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, unauthorized access, sandbox bypass or HTTP header injection.

For Debian 7 "Wheezy", these problems have been fixed in version
7u171-2.6.13-1~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
{"suse": [{"lastseen": "2018-03-15T14:34:25", "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n Security issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366):\n\n - CVE-2018-2579: Improve key keying case\n - CVE-2018-2588: Improve LDAP logins\n - CVE-2018-2599: Improve reliability of DNS lookups\n - CVE-2018-2602: Improve usage messages\n - CVE-2018-2603: Improve PKCS usage\n - CVE-2018-2618: Stricter key generation\n - CVE-2018-2629: Improve GSS handling\n - CVE-2018-2633: Improve LDAP lookup robustness\n - CVE-2018-2634: Improve property negotiations\n - CVE-2018-2637: Improve JMX supportive features\n - CVE-2018-2641: Improve GTK initialization\n - CVE-2018-2663: More refactoring for deserialization cases\n - CVE-2018-2677: More refactoring for client deserialization cases\n - CVE-2018-2678: More refactoring for naming\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2018-03-15T12:12:52", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-15T12:12:52", "id": "OPENSUSE-SU-2018:0684-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00038.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-12T21:34:10", "description": "This update for java-1_7_0-openjdk fixes the following issues:\n\n Security issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366):\n\n - CVE-2018-2579: Improve key keying case\n - CVE-2018-2588: Improve LDAP logins\n - CVE-2018-2599: Improve reliability of DNS lookups\n - CVE-2018-2602: Improve usage messages\n - 
CVE-2018-2603: Improve PKCS usage\n - CVE-2018-2618: Stricter key generation\n - CVE-2018-2629: Improve GSS handling\n - CVE-2018-2633: Improve LDAP lookup robustness\n - CVE-2018-2634: Improve property negotiations\n - CVE-2018-2637: Improve JMX supportive features\n - CVE-2018-2641: Improve GTK initialization\n - CVE-2018-2663: More refactoring for deserialization cases\n - CVE-2018-2677: More refactoring for client deserialization cases\n - CVE-2018-2678: More refactoring for naming\n\n", "cvss3": {}, "published": "2018-03-12T18:08:02", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-12T18:08:02", "id": "SUSE-SU-2018:0661-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00031.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-12T21:34:11", "description": "This update for java-1_8_0-openjdk fixes the following issues:\n\n Security issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366):\n\n - CVE-2018-2579: Improve key keying case\n - CVE-2018-2582: Better interface invocations\n - CVE-2018-2588: Improve LDAP logins\n - CVE-2018-2599: Improve reliability of DNS lookups\n - CVE-2018-2602: Improve usage messages\n - CVE-2018-2603: Improve PKCS usage\n - CVE-2018-2618: Stricter key generation\n - CVE-2018-2629: Improve GSS handling\n - CVE-2018-2633: Improve LDAP lookup robustness\n - CVE-2018-2634: Improve property negotiations\n - CVE-2018-2637: Improve JMX supportive features\n - CVE-2018-2641: Improve GTK initialization\n - CVE-2018-2663: More refactoring for deserialization cases\n - CVE-2018-2677: More refactoring for client 
deserialization cases\n - CVE-2018-2678: More refactoring for naming deserialization cases\n\n", "cvss3": {}, "published": "2018-03-12T18:09:10", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-12T18:09:10", "id": "SUSE-SU-2018:0663-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00032.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-15T06:35:37", "description": "This update for java-1_8_0-openjdk fixes the following issues:\n\n Security issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366):\n\n - CVE-2018-2579: Improve key keying case\n - CVE-2018-2582: Better interface invocations\n - CVE-2018-2588: Improve LDAP logins\n - CVE-2018-2599: Improve reliability of DNS lookups\n - CVE-2018-2602: Improve usage messages\n - CVE-2018-2603: Improve PKCS usage\n - CVE-2018-2618: Stricter key generation\n - CVE-2018-2629: Improve GSS handling\n - CVE-2018-2633: Improve LDAP lookup robustness\n - CVE-2018-2634: Improve property negotiations\n - CVE-2018-2637: Improve JMX supportive features\n - CVE-2018-2641: Improve GTK initialization\n - CVE-2018-2663: More refactoring for deserialization cases\n - CVE-2018-2677: More refactoring for client deserialization cases\n - CVE-2018-2678: More refactoring for naming deserialization cases\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "cvss3": {}, "published": "2018-03-15T03:07:22", "type": "suse", "title": "Security update for java-1_8_0-openjdk (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", 
"CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2629", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-15T03:07:22", "id": "OPENSUSE-SU-2018:0679-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00036.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-09T15:37:44", "description": "This update for java-1_7_0-ibm provides the following fixes:\n\n The version was updated to 7.0.10.20 [bsc#1082810]:\n\n * Following security issues were fixed:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl \u00e2\u0080\u0093 Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl \u00e2\u0080\u0093 Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl \u00e2\u0080\u0093 SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue 
and JVM argument parse issue with iKeyman\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n", "cvss3": {}, "published": "2018-03-09T12:09:56", "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-09T12:09:56", "id": "SUSE-SU-2018:0645-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00029.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-15T20:35:53", "description": "This update for java-1_7_1-ibm fixes the following issues:\n\n The version was updated to 7.1.4.20 [bsc#1082810]\n\n * Security fixes:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl -- 
Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n * SUSE fixes:\n\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp\n files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed.\n [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR\n 110991601735. [bsc#966304]\n\n", "cvss3": {}, "published": "2018-03-15T18:07:53", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-15T18:07:53", "id": "SUSE-SU-2018:0694-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00039.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-19T20:35:57", "description": "This update for java-1_7_1-ibm fixes the following issue:\n\n The version was updated to 7.1.4.20 [bsc#1082810]\n\n * Security fixes:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 
CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n * SUSE fixes:\n\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp\n files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed.\n [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR\n 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the proper file\n system locations. Without those symlinks, several OES iManager plugins\n did not function properly. 
[bsc#1085018]\n\n", "cvss3": {}, "published": "2018-03-19T18:08:56", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-19T18:08:56", "id": "SUSE-SU-2018:0743-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00049.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-07T17:37:39", "description": "This update for java-1_7_1-ibm provides the following fix:\n\n The version was updated to 7.1.4.20 [bsc#1082810]\n\n * Security fixes:\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641\n CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602\n CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n * Defect fixes:\n\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl \u00e2\u0080\u0093 Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl \u00e2\u0080\u0093 Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot\n 
specification attribute\n - IJ01901 Security: IBMPKCS11Impl \u00e2\u0080\u0093 SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n - Make it possible to run Java jnlp files from Firefox. (bsc#1057460)\n\n", "cvss3": {}, "published": "2018-03-07T15:07:26", "type": "suse", "title": "Security update for java-1_7_1-ibm (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2657", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-07T15:07:26", "id": "SUSE-SU-2018:0630-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00027.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-12T21:34:11", "description": "This update for java-1_8_0-ibm fixes the following issues:\n\n - Removed java-1_8_0-ibm-alsa and java-1_8_0-ibm-plugin entries in\n baselibs.conf due to errors in osc source_validator\n\n Version update to 8.0.5.10 [bsc#1082810]\n\n * Security fixes:\n\n CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634\n CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2603 CVE-2018-2599\n CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588\n CVE-2018-2579\n\n * Defect fixes:\n\n - IJ02608 Class Libraries: Change of namespace definitions with\n handlers that implement javax.xml.ws.handler.soap.soaphandler\n - IJ04280 Class Libraries: Deploy Upgrade to Oracle level 8u161-b12\n - IJ03390 Class Libraries: JCL Upgrade to Oracle level 8u161-b12\n - IJ04001 Class Libraries: 
Performance improvement with child process\n on AIX\n - IJ04281 Class Libraries: Startup time increase after applying apar\n IV96905\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n - IJ03440 Java Virtual Machine: Assertion failure during class creation\n - IJ03717 Java Virtual Machine: Assertion for gencon with concurrent\n scavenger on ZOS64\n - IJ03513 Java Virtual Machine: Assertion in concurrent scavenger if\n initial heap memory size -Xms is set too low\n - IJ03994 Java Virtual Machine: Class.getmethods() does not return all\n methods\n - IJ03413 Java Virtual Machine: Hang creating thread after redefining\n classes\n - IJ03852 Java Virtual Machine: ICH408I message when groupaccess is\n specified with -xshareclasses\n - IJ03716 Java Virtual Machine: java/lang/linkageerror from\n sun/misc/unsafe.definean onymousclass()\n - IJ03116 Java Virtual Machine: java.fullversion string contains an\n extra space\n - IJ03347 Java Virtual Machine: java.lang.IllegalStateException in\n related class MemoryMXBean\n - IJ03878 Java Virtual Machine: java.lang.StackOverflowError is thrown\n when custom security manager in place\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump,\n trace, log was not enabled by default\n - IJ04248 JIT Compiler: ArrayIndexOutOfBoundsException is thrown when\n converting BigDecimal to String\n - IJ04250 JIT Compiler: Assertion failure with concurrentScavenge on\n Z14\n - IJ03606 JIT Compiler: Java crashes with -version\n - IJ04251 JIT Compiler: JIT compiled method that takes advantage of\n AutoSIMD produces an incorrect result on x86\n - IJ03854 JIT Compiler: JVM info message appears in stdout\n - IJ03607 JIT Compiler: Result String contains a redundant dot when\n converted from BigDecimal with 0 on all platforms\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n - IJ03715 Security: Add additional support for the IBMJCEPlus\n provider, add support for new IBMJCEPlusFIPS provider\n - IJ03800 
Security: A fix in CMS provider for KDB integrity\n - IJ04282 Security: Change in location and default of jurisdiction\n policy files\n - IJ03853 Security: IBMCAC provider does not support SHA224\n - IJ02679 Security: IBMPKCS11Impl \u00e2\u0080\u0093 Bad sessions are being allocated\n internally\n - IJ02706 Security: IBMPKCS11Impl \u00e2\u0080\u0093 Bad sessions are being allocated\n internally\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot\n specification attribute\n - IJ01901 Security: IBMPKCS11Impl \u00e2\u0080\u0093 SecureRandom.setSeed() exception\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with\n stash, JKS Chain issue and JVM argument parse issue with iKeyman\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n - PI93233 z/OS Extentions: Cipher.doFinal() fails when using\n AES/GCM/nopadding with AAD data of 13 bytes and a block size\n of 4081 to 4096\n\n * Fixes in 8.0.5.7:\n\n - IJ02605 Class Libraries: Update IBM-1371 charset with new\n specification support\n - IJ02541 Java Virtual Machine: Assertions in GC when jvmti runs with\n Concurrent Scavenger\n - IJ02443 Java Virtual Machine: Committed eden region size is bigger\n than maximum eden region size\n - IJ02378 Java Virtual Machine: Existing signal action for\n SIG_IGN/SIG_DFL is not detected properly\n - IJ02758 JIT Compiler: Crash in JIT module during method compilation\n - IJ02733 JIT Compiler: Crash in jit module when compiling in\n non-default configuration\n\n * Fixes in 8.0.5.6:\n\n - IJ02283 Java Virtual Machine: IllegalAccessException due to a\n missing access check for the same class in MethodHandle apis\n - IJ02082 Java Virtual Machine: The default value for class unloading\n kick\n off threshold is not set\n - IJ02018 JIT Compiler: Crash or assertion while attempting to acquire\n VM access\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n - IV88941 JIT Compiler: JIT compiler takes far too long to compile a\n 
method\n - IJ02285 JIT Compiler: Performance degradation during class unloading\n in Java 8 SR5\n\n - Support Java jnlp files run from Firefox. [bsc#1076390]\n\n", "cvss3": {}, "published": "2018-03-12T18:10:24", "type": "suse", "title": "Security update for java-1_8_0-ibm (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-2618", "CVE-2018-2582", "CVE-2018-2663", "CVE-2018-2633", "CVE-2018-2639", "CVE-2018-2638", "CVE-2018-2637", "CVE-2018-2677", "CVE-2018-2603", "CVE-2018-2599", "CVE-2018-2641", "CVE-2018-2588", "CVE-2018-2634", "CVE-2018-2602", "CVE-2018-2678", "CVE-2018-2579"], "modified": "2018-03-12T18:10:24", "id": "SUSE-SU-2018:0665-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00034.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2021-07-29T01:59:40", "description": "**Issue Overview:**\n\nDerValue unbounded memory allocation: \nIt was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\nUnsynchronized access to encryption key data \nIt was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nUse of global credentials for HTTP/SPNEGO \nThe JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. 
It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\nLoading of classes from untrusted locations: \nIt was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\nGTK library loading use-after-free: \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2018-2641)\n\nLdapLoginModule insufficient username encoding in LDAP query: \nIt was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. 
(CVE-2018-2588)\n\nSingleEntryRegistry incorrect setup of deserialization filter: \nIt was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\nInsufficient strength of key agreement: \nIt was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\nGSS context use-after-free: \nIt was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\nLDAPCertStore insecure handling of LDAP referrals: \nIt was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\nDnsClient missing source port randomization: \nIt was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\nUnbounded memory allocation in BasicAttributes deserialization: \nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2678)\n\nArrayBlockingQueue deserialization to an inconsistent state: \nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2663)\n\nUnbounded memory allocation during deserialization: \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2018-2677)\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-1.7.0.171-2.6.13.0.76.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.76.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.76.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.76.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.76.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.76.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-1.7.0.171-2.6.13.0.76.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.76.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-1.7.0.171-2.6.13.0.76.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.76.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.76.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.76.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "baseScore": 8.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-21T22:12:00", "type": "amazon", "title": "Important: java-1.7.0-openjdk", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-03-23T17:34:00", "id": "ALAS-2018-974", "href": "https://alas.aws.amazon.com/ALAS-2018-974.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-07-29T02:29:24", "description": "**Issue Overview:**\n\nSingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) \nIt was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\nLoading of classes from untrusted locations (I18n, 8182601) \nIt was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. 
A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\nLdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) \nIt was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\nArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) \nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2663)\n\nInsufficient validation of the invokeinterface instruction (Hotspot, 8174962) \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (CVE-2018-2582)\n\nGTK library loading use-after-free (AWT, 8185325) \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). 
(CVE-2018-2641)\n\nLDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) \nIt was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\nInsufficient strength of key agreement (JCE, 8185292) \nIt was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\nUnsynchronized access to encryption key data (Libraries, 8172525) \nIt was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nUnbounded memory allocation during deserialization (AWT, 8190289) \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2677)\n\nDerValue unbounded memory allocation (Libraries, 8182387) \nIt was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603) \n \nUnbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) \nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). 
(CVE-2018-2678)\n\nUse of global credentials for HTTP/SPNEGO (JGSS, 8186600) \nThe JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\nGSS context use-after-free (JGSS, 8186212) \nIt was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629) \n \nDnsClient missing source port randomization (JNDI, 8182125) \nIt was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.amzn2.noarch \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.amzn2.noarch \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.amzn2.noarch \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-1.8.0.161-0.b14.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-debug-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-headless-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-devel-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-demo-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-src-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.amzn2.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.amzn2.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-07T17:47:00", "type": "amazon", "title": 
"Important: java-1.8.0-openjdk", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-02-08T21:45:00", "id": "ALAS2-2018-949", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-949.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-07-29T02:00:02", "description": "**Issue Overview:**\n\nSingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) \nIt was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\nLoading of classes from untrusted locations (I18n, 8182601) \nIt was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. 
(CVE-2018-2602)\n\nLdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) \nIt was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\nArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) \nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2663)\n\nInsufficient validation of the invokeinterface instruction (Hotspot, 8174962) \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (CVE-2018-2582)\n\nGTK library loading use-after-free (AWT, 8185325) \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). 
(CVE-2018-2641)\n\nLDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) \nIt was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\nInsufficient strength of key agreement (JCE, 8185292) \nIt was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\nUnsynchronized access to encryption key data (Libraries, 8172525) \nIt was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nUnbounded memory allocation during deserialization (AWT, 8190289) \nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2677)\n\nDerValue unbounded memory allocation (Libraries, 8182387) \nIt was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603) \n \nUnbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) \nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). 
(CVE-2018-2678)\n\nUse of global credentials for HTTP/SPNEGO (JGSS, 8186600) \nThe JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\nGSS context use-after-free (JGSS, 8186212) \nIt was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629) \n \nDnsClient missing source port randomization (JNDI, 8182125) \nIt was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n \n**Affected Packages:** \n\n\njava-1.8.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.8.0-openjdk_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-src-1.8.0.161-0.b14.36.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.36.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-headless-1.8.0.161-0.b14.36.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-1.8.0.161-0.b14.36.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-devel-1.8.0.161-0.b14.36.amzn1.i686 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-demo-1.8.0.161-0.b14.36.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.36.amzn1.noarch \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.36.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-1.8.0.161-0.b14.36.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.36.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-src-1.8.0.161-0.b14.36.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-devel-1.8.0.161-0.b14.36.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-demo-1.8.0.161-0.b14.36.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-1.8.0.161-0.b14.36.amzn1.x86_64 \n \u00a0\u00a0\u00a0 java-1.8.0-openjdk-headless-1.8.0.161-0.b14.36.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-07T17:45:00", "type": "amazon", "title": "Important: java-1.8.0-openjdk", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-02-08T21:42:00", "id": "ALAS-2018-949", "href": "https://alas.aws.amazon.com/ALAS-2018-949.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2022-05-16T15:49:00", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Debian DSA-4166-1 : openjdk-7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4166.NASL", "href": "https://www.tenable.com/plugins/nessus/108853", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4166. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108853);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"DSA\", value:\"4166\");\n\n script_name(english:\"Debian DSA-4166-1 : openjdk-7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice, sandbox bypass, execution of arbitrary code, incorrect\nLDAP/GSS authentication, insecure use of cryptography or bypass of\ndeserialisation restrictions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjdk-7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openjdk-7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4166\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-7 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 7u171-2.6.13-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-dbg\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-demo\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-doc\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jdk\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-lib\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"openjdk-7-jre-zero\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-source\", reference:\"7u171-2.6.13-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:15:58", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. 
A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. 
A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-02-27T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2018:0349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", 
"cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-0349.NASL", "href": "https://www.tenable.com/plugins/nessus/107016", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0349. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107016);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0349\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2018:0349)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java\nsandbox restrictions. 
(CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to\nproperly set the deserialization filter for the SingleEntryRegistry in\ncertain cases. A remote attacker could possibly use this flaw to\nbypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. 
A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and\nJNDI components of OpenJDK did not sufficiently validate input when\ncreating object instances from the serialized form. A specially\ncrafted input could cause a Java application to create objects with an\ninconsistent state or use an excessive amount of memory when\ndeserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. 
(CVE-2018-2579)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0349\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:14:38", "description": "Security Fix(es) :\n\n - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.\n (CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. 
An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. 
A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. 
(CVE-2018-2579)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-02-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20180226)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180226_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/107021", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107021);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20180226)\");\n script_summary(english:\"Checks rpm 
output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the AWT component of OpenJDK. An\n untrusted Java application or applet could use this flaw\n to bypass certain Java sandbox restrictions.\n (CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle LDAP\n referrals. An attacker could possibly use this flaw to\n make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass intended\n deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A remote\n attacker could possibly use this flaw to manipulate LDAP\n queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to those\n queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading resource\n bundle classes. 
A local attacker could possibly use this\n flaw to execute arbitrary code as another local user by\n making their Java application load an attacker\n controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if it\n parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations\n in the JCE component of OpenJDK did not guarantee\n sufficient strength of used keys to adequately protect\n generated shared secret. This could make it easier to\n break data encryption by attacking key agreement rather\n than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to use\n a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the\n Libraries, AWT, and JNDI components of OpenJDK did not\n sufficiently validate input when creating object\n instances from the serialized form. A specially crafted\n input could cause a Java application to create objects\n with an inconsistent state or use an excessive amount of\n memory when deserialized. (CVE-2018-2663, CVE-2018-2677,\n CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. 
(CVE-2018-2579)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1802&L=scientific-linux-errata&F=&S=&P=9195\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44859b79\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:50:09", "description": "It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. (CVE-2018-2579)\n\nIt was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588)\n\nIt was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. 
A remote attacker could use this to spoof responses to DNS queries made by Java applications.\n(CVE-2018-2599)\n\nIt was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource bundle classes. A local attacker could use this to trick a user into running malicious code. (CVE-2018-2602)\n\nIt was discovered that OpenJDK did not properly restrict memory allocations when parsing DER input. A remote attacker could possibly use this to cause a denial of service. (CVE-2018-2603)\n\nIt was discovered that the Java Cryptography Extension (JCE) implementation in OpenJDK in some situations did not guarantee sufficient strength of keys during key agreement. An attacker could use this to expose sensitive information. (CVE-2018-2618)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some situations did not properly handle GSS contexts in the native GSS library. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2629)\n\nIt was discovered that the LDAP implementation in OpenJDK did not properly handle LDAP referrals in some situations. An attacker could possibly use this to expose sensitive information or gain unauthorized privileges. (CVE-2018-2633)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some situations did not properly apply subject credentials. An attacker could possibly use this to expose sensitive information or gain access to unauthorized resources. (CVE-2018-2634)\n\nIt was discovered that the Java Management Extensions (JMX) component of OpenJDK did not properly apply deserialization filters in some situations. An attacker could use this to bypass deserialization restrictions. (CVE-2018-2637)\n\nIt was discovered that a use-after-free vulnerability existed in the AWT component of OpenJDK when loading the GTK library. An attacker could possibly use this to execute arbitrary code and escape Java sandbox restrictions. 
(CVE-2018-2641)\n\nIt was discovered that in some situations OpenJDK did not properly validate objects when performing deserialization. An attacker could use this to cause a denial of service (application crash or excessive memory consumption). (CVE-2018-2663)\n\nIt was discovered that the AWT component of OpenJDK did not properly restrict the amount of memory allocated when deserializing some objects. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2677)\n\nIt was discovered that the JNDI component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects in some situations. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2678).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3614-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3614-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/108794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3614-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108794);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"USN\", value:\"3614-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3614-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a race condition existed in the cryptography\nimplementation in OpenJDK. An attacker could possibly use this to\nexpose sensitive information. (CVE-2018-2579)\n\nIt was discovered that the LDAP implementation in OpenJDK did not\nproperly encode login names. A remote attacker could possibly use this\nto expose sensitive information. (CVE-2018-2588)\n\nIt was discovered that the DNS client implementation in OpenJDK did\nnot properly randomize source ports. A remote attacker could use this\nto spoof responses to DNS queries made by Java applications.\n(CVE-2018-2599)\n\nIt was discovered that the Internationalization component of OpenJDK\ndid not restrict search paths when loading resource bundle classes. 
A\nlocal attacker could use this to trick a user into running malicious\ncode. (CVE-2018-2602)\n\nIt was discovered that OpenJDK did not properly restrict memory\nallocations when parsing DER input. A remote attacker could possibly\nuse this to cause a denial of service. (CVE-2018-2603)\n\nIt was discovered that the Java Cryptography Extension (JCE)\nimplementation in OpenJDK in some situations did not guarantee sufficient\nstrength of keys during key agreement. An attacker could use this to\nexpose sensitive information. (CVE-2018-2618)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some\nsituations did not properly handle GSS contexts in the native GSS\nlibrary. An attacker could possibly use this to access unauthorized\nresources. (CVE-2018-2629)\n\nIt was discovered that the LDAP implementation in OpenJDK did not\nproperly handle LDAP referrals in some situations. An attacker could\npossibly use this to expose sensitive information or gain unauthorized\nprivileges. (CVE-2018-2633)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some\nsituations did not properly apply subject credentials. An attacker\ncould possibly use this to expose sensitive information or gain access\nto unauthorized resources. (CVE-2018-2634)\n\nIt was discovered that the Java Management Extensions (JMX) component\nof OpenJDK did not properly apply deserialization filters in some\nsituations. An attacker could use this to bypass deserialization\nrestrictions. (CVE-2018-2637)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAWT component of OpenJDK when loading the GTK library. An attacker\ncould possibly use this to execute arbitrary code and escape Java\nsandbox restrictions. (CVE-2018-2641)\n\nIt was discovered that in some situations OpenJDK did not properly\nvalidate objects when performing deserialization. An attacker could\nuse this to cause a denial of service (application crash or excessive\nmemory consumption). 
(CVE-2018-2663)\n\nIt was discovered that the AWT component of OpenJDK did not properly\nrestrict the amount of memory allocated when deserializing some\nobjects. An attacker could use this to cause a denial of service\n(excessive memory consumption). (CVE-2018-2677)\n\nIt was discovered that the JNDI component of OpenJDK did not properly\nrestrict the amount of memory allocated when deserializing objects in\nsome situations. An attacker could use this to cause a denial of\nservice (excessive memory consumption). (CVE-2018-2678).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3614-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u171-2.6.13-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jdk\", pkgver:\"7u171-2.6.13-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre\", pkgver:\"7u171-2.6.13-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u171-2.6.13-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u171-2.6.13-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u171-2.6.13-0ubuntu0.14.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-7-jre-jamvm / openjdk-7-jdk / openjdk-7-jre / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:43:20", "description": "DerValue unbounded memory allocation :\n\nIt was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. 
(CVE-2018-2603)\n\nUnsynchronized access to encryption key data\n\nIt was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nUse of global credentials for HTTP/SPNEGO\n\nThe JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\nLoading of classes from untrusted locations :\n\nIt was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\nGTK library loading use-after-free :\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2018-2641)\n\nLdapLoginModule insufficient username encoding in LDAP query :\n\nIt was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\nSingleEntryRegistry incorrect setup of deserialization filter :\n\nIt was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\nInsufficient strength of key agreement :\n\nIt was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\nGSS context use-after-free :\n\nIt was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\nLDAPCertStore insecure handling of LDAP referrals :\n\nIt was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. 
An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\nDnsClient missing source port randomization :\n\nIt was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\nUnbounded memory allocation in BasicAttributes deserialization :\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n(CVE-2018-2678)\n\nArrayBlockingQueue deserialization to an inconsistent state :\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.\nSuccessful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. 
Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n(CVE-2018-2663)\n\nUnbounded memory allocation during deserialization :\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\nNote: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
(CVE-2018-2677)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-974.NASL", "href": "https://www.tenable.com/plugins/nessus/108599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-974.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108599);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"ALAS\", value:\"2018-974\");\n\n script_name(english:\"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-974)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"DerValue unbounded memory allocation :\n\nIt was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\nUnsynchronized access to encryption key data\n\nIt was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. (CVE-2018-2579)\n\nUse of global credentials for HTTP/SPNEGO\n\nThe JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\nLoading of classes from untrusted locations :\n\nIt was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\nGTK library loading use-after-free :\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: AWT). Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks require human\ninteraction from a person other than the attacker and while the\nvulnerability is in Java SE, Java SE Embedded, attacks may\nsignificantly impact additional products. 
Successful attacks of this\nvulnerability can result in unauthorized creation, deletion or\nmodification access to critical data or all Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets, that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability does not apply to Java deployments,\ntypically in servers, that load and run only trusted code (e.g., code\ninstalled by an administrator). (CVE-2018-2641)\n\nLdapLoginModule insufficient username encoding in LDAP query :\n\nIt was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\nSingleEntryRegistry incorrect setup of deserialization filter :\n\nIt was discovered that the JMX component of OpenJDK failed to properly\nset the deserialization filter for the SingleEntryRegistry in certain\ncases. A remote attacker could possibly use this flaw to bypass\nintended deserialization restrictions. (CVE-2018-2637)\n\nInsufficient strength of key agreement :\n\nIt was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\nGSS context use-after-free :\n\nIt was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. 
A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\nLDAPCertStore insecure handling of LDAP referrals :\n\nIt was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\nDnsClient missing source port randomization :\n\nIt was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. (CVE-2018-2599)\n\nUnbounded memory allocation in BasicAttributes deserialization :\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of\nOracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability\nallows unauthenticated attacker with network access via multiple\nprotocols to compromise Java SE, Java SE Embedded, JRockit. Successful\nattacks require human interaction from a person other than the\nattacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability\napplies to client and server deployment of Java. This vulnerability\ncan be exploited through sandboxed Java Web Start applications and\nsandboxed Java applets. It can also be exploited by supplying data to\nAPIs in the specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\n(CVE-2018-2678)\n\nArrayBlockingQueue deserialization to an inconsistent state :\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of\nOracle Java SE (subcomponent: Libraries). 
Easily exploitable\nvulnerability allows unauthenticated attacker with network access via\nmultiple protocols to compromise Java SE, Java SE Embedded, JRockit.\nSuccessful attacks require human interaction from a person other than\nthe attacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability\napplies to client and server deployment of Java. This vulnerability\ncan be exploited through sandboxed Java Web Start applications and\nsandboxed Java applets. It can also be exploited by supplying data to\nAPIs in the specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\n(CVE-2018-2663)\n\nUnbounded memory allocation during deserialization :\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: AWT). Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks require human\ninteraction from a person other than the attacker. Successful attacks\nof this vulnerability can result in unauthorized ability to cause a\npartial denial of service (partial DOS) of Java SE, Java SE Embedded.\nNote: This vulnerability applies to Java deployments, typically in\nclients running sandboxed Java Web Start applications or sandboxed\nJava applets, that load and run untrusted code (e.g., code that comes\nfrom the internet) and rely on the Java sandbox for security. This\nvulnerability does not apply to Java deployments, typically in\nservers, that load and run only trusted code (e.g., code installed by\nan administrator). 
(CVE-2018-2677)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-974.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.76.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 5.8, 
"vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:43:23", "description": "According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.\n (CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. 
A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.7.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1059.NASL", "href": "https://www.tenable.com/plugins/nessus/108463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108463);\n script_version(\"1.65\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.7.0-openjdk packages\ninstalled, the 
EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the AWT component of OpenJDK. An\n untrusted Java application or applet could use this\n flaw to bypass certain Java sandbox restrictions.\n (CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle\n LDAP referrals. An attacker could possibly use this\n flaw to make it fetch attacker controlled certificate\n data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass\n intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A\n remote attacker could possibly use this flaw to\n manipulate LDAP queries performed by the\n LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to\n those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading\n resource bundle classes. A local attacker could\n possibly use this flaw to execute arbitrary code as\n another local user by making their Java application\n load an attacker controlled class file. 
(CVE-2018-2602)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if\n it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement\n implementations in the JCE component of OpenJDK did not\n guarantee sufficient strength of used keys to\n adequately protect generated shared secret. This could\n make it easier to break data encryption by attacking\n key agreement rather than the encryption using the\n negotiated secret. (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to\n use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the\n Libraries, AWT, and JNDI components of OpenJDK did not\n sufficiently validate input when creating object\n instances from the serialized form. A specially-crafted\n input could cause a Java application to create objects\n with an inconsistent state or use an excessive amount\n of memory when deserialized. (CVE-2018-2663,\n CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. (CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1059\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?44f26b9f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0\",\n \"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0\",\n \"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": 
"2022-05-16T15:43:24", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\nSecurity issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization cases\n\n - CVE-2018-2677: More refactoring for client deserialization cases\n\n - CVE-2018-2678: More refactoring for naming\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo", 
"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-256.NASL", "href": "https://www.tenable.com/plugins/nessus/108357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-256.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108357);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-256)\");\n script_summary(english:\"Check for the openSUSE-2018-256 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for 
java-1_7_0-openjdk fixes the following issues :\n\nSecurity issues fixed in OpenJDK 7u171 (January 2018 \nCPU)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization\n cases\n\n - CVE-2018-2677: More refactoring for client\n deserialization cases\n\n - CVE-2018-2678: More refactoring for naming\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076366\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-devel-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-headless-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-demo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-devel-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-headless-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.171-48.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_7_0-openjdk-src-1.7.0.171-48.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk-bootstrap / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:14:38", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. 
(CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. 
(CVE-2018-2579)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-01T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2018:0349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-0349.NASL", "href": "https://www.tenable.com/plugins/nessus/107074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0349 and \n# CentOS Errata and Security Advisory 2018:0349 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107074);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0349\");\n\n script_name(english:\"CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2018:0349)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to\nproperly set the deserialization filter for the SingleEntryRegistry in\ncertain cases. A remote attacker could possibly use this flaw to\nbypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. 
A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and\nJNDI components of OpenJDK did not sufficiently validate input when\ncreating object instances from the serialized form. 
A specially\ncrafted input could cause a Java application to create objects with an\ninconsistent state or use an excessive amount of memory when\ndeserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. (CVE-2018-2579)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-February/022764.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cc744e28\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-February/022765.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31a033d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2599\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el6_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:20:49", "description": "According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.\n (CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. 
(CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. 
(CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2018-1058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.7.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1058.NASL", "href": "https://www.tenable.com/plugins/nessus/108462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108462);\n script_version(\"1.70\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2018-1058)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security 
updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.7.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the AWT component of OpenJDK. An\n untrusted Java application or applet could use this\n flaw to bypass certain Java sandbox restrictions.\n (CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle\n LDAP referrals. An attacker could possibly use this\n flaw to make it fetch attacker controlled certificate\n data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass\n intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A\n remote attacker could possibly use this flaw to\n manipulate LDAP queries performed by the\n LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to\n those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading\n resource bundle classes. 
A local attacker could\n possibly use this flaw to execute arbitrary code as\n another local user by making their Java application\n load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if\n it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement\n implementations in the JCE component of OpenJDK did not\n guarantee sufficient strength of used keys to\n adequately protect generated shared secret. This could\n make it easier to break data encryption by attacking\n key agreement rather than the encryption using the\n negotiated secret. (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to\n use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the\n Libraries, AWT, and JNDI components of OpenJDK did not\n sufficiently validate input when creating object\n instances from the serialized form. A specially-crafted\n input could cause a Java application to create objects\n with an inconsistent state or use an excessive amount\n of memory when deserialized. (CVE-2018-2663,\n CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. 
(CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1058\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ca32c36\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0\",\n \"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0\",\n \"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": 
"2022-05-16T15:52:12", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, unauthorized access, sandbox bypass or HTTP header injection.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7u171-2.6.13-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-04T00:00:00", "type": "nessus", "title": "Debian DLA-1339-1 : openjdk-7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedtea-7-jre-cacao", "p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm", "p-cpe:/a:debian:debian_linux:openjdk-7-dbg", "p-cpe:/a:debian:debian_linux:openjdk-7-demo", "p-cpe:/a:debian:debian_linux:openjdk-7-doc", "p-cpe:/a:debian:debian_linux:openjdk-7-jdk", "p-cpe:/a:debian:debian_linux:openjdk-7-jre", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero", "p-cpe:/a:debian:debian_linux:openjdk-7-source", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1339.NASL", "href": "https://www.tenable.com/plugins/nessus/108815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security 
Advisory DLA-1339-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108815);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"Debian DLA-1339-1 : openjdk-7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice, unauthorized access, sandbox bypass or HTTP header injection.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7u171-2.6.13-1~deb7u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedtea-7-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-cacao\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-dbg\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-demo\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-doc\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jdk\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-lib\", 
reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-zero\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-source\", reference:\"7u171-2.6.13-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-20T15:06:19", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 
Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. 
A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. 
It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0012_JAVA-1.7.0-OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/127162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0012. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127162);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0012)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has java-1.7.0-openjdk packages installed that are affected by\nmultiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. 
It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks\n require human interaction from a person other than the\n attacker. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial denial\n of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and\n run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments,\n typically in servers, that load and run only trusted\n code (e.g., code installed by an administrator). CVSS\n 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. 
Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A remote\n attacker could possibly use this flaw to manipulate LDAP\n queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading resource\n bundle classes. A local attacker could possibly use this\n flaw to execute arbitrary code as another local user by\n making their Java application load an attacker\n controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to those\n queries. 
(CVE-2018-2599)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if it\n parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to use\n a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations\n in the JCE component of OpenJDK did not guarantee\n sufficient strength of used keys to adequately protect\n generated shared secret. This could make it easier to\n break data encryption by attacking key agreement rather\n than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can\n result in unauthorized creation, deletion or\n modification access to critical data or all Java SE,\n Java SE Embedded accessible data. 
Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on\n the Java sandbox for security. This vulnerability does\n not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code\n installed by an administrator). CVSS 3.0 Base Score 6.1\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass intended\n deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle LDAP\n referrals. An attacker could possibly use this flaw to\n make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0012\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL java-1.7.0-openjdk packages. Note that updated packages may not be available yet. 
Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2637\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el7_4\",\n \"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el7_4\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-16T15:16:40", 
"description": "From Red Hat Security Advisory 2018:0349 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. 
A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. 
(CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-02-27T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2018-0349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.7.0-openjdk", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-0349.NASL", "href": "https://www.tenable.com/plugins/nessus/107014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0349 and \n# Oracle Linux Security Advisory ELSA-2018-0349 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107014);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", 
\"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0349\");\n\n script_name(english:\"Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2018-0349)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0349 :\n\nAn update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java\napplication or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to\nproperly set the deserialization filter for the SingleEntryRegistry in\ncertain cases. 
A remote attacker could possibly use this flaw to\nbypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. 
A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and\nJNDI components of OpenJDK did not sufficiently validate input when\ncreating object instances from the serialized form. A specially\ncrafted input could cause a Java application to create objects with an\ninconsistent state or use an excessive amount of memory when\ndeserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. (CVE-2018-2579)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-February/007535.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-February/007536.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-headless\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.0.1.el6_9\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.0.1.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:17:59", "description": "This update for java-1_7_0-openjdk fixes the following issues:\nSecurity issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization cases\n\n - CVE-2018-2677: More refactoring for client deserialization cases\n\n - CVE-2018-2678: More refactoring for naming\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0661-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0661-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108280", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0661-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108280);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", 
\"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0661-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues:\nSecurity issues fixed in OpenJDK 7u171 (January 2018 \nCPU)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization\n cases\n\n - CVE-2018-2677: More refactoring for client\n deserialization cases\n\n - CVE-2018-2678: More refactoring for naming\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2629/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180661-1/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?08951c81\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-448=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-448=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-448=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-448=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-448=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-demo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-devel-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-headless-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-headless-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", 
cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.171-43.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.171-43.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-20T15:06:17", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. 
A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0124_JAVA-1.7.0-OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/127372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0124. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127372);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0124)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has java-1.7.0-openjdk packages installed that are affected by\nmultiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. 
It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks\n require human interaction from a person other than the\n attacker. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial denial\n of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and\n run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments,\n typically in servers, that load and run only trusted\n code (e.g., code installed by an administrator). CVSS\n 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. 
Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A remote\n attacker could possibly use this flaw to manipulate LDAP\n queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading resource\n bundle classes. A local attacker could possibly use this\n flaw to execute arbitrary code as another local user by\n making their Java application load an attacker\n controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to those\n queries. 
(CVE-2018-2599)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if it\n parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to use\n a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations\n in the JCE component of OpenJDK did not guarantee\n sufficient strength of used keys to adequately protect\n generated shared secret. This could make it easier to\n break data encryption by attacking key agreement rather\n than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can\n result in unauthorized creation, deletion or\n modification access to critical data or all Java SE,\n Java SE Embedded accessible data. 
Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on\n the Java sandbox for security. This vulnerability does\n not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code\n installed by an administrator). CVSS 3.0 Base Score 6.1\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass intended\n deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle LDAP\n referrals. An attacker could possibly use this flaw to\n make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0124\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL java-1.7.0-openjdk packages. Note that updated packages may not be available yet. 
Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2637\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el6_9\",\n \"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el6_9\",\n \"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el6_9\",\n \"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el6_9\",\n \"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el6_9\",\n \"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el6_9\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-16T15:40:02", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\nSecurity issues fix in jdk8u161 (icedtea 
3.7.0)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2582: Better interface invocations\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization cases\n\n - CVE-2018-2677: More refactoring for client deserialization cases\n\n - CVE-2018-2678: More refactoring for naming deserialization cases\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", 
"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-254.NASL", "href": "https://www.tenable.com/plugins/nessus/108355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-254.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108355);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2018-254)\");\n script_summary(english:\"Check for the openSUSE-2018-254 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\nSecurity issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2582: Better interface invocations\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - 
CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization\n cases\n\n - CVE-2018-2677: More refactoring for client\n deserialization cases\n\n - CVE-2018-2678: More refactoring for naming\n deserialization cases\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076366\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.161-21.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-demo-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-devel-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-headless-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.161-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-src-1.8.0.161-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-20T15:05:42", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. 
Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. 
A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1;\n Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). 
CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).\n (CVE-2018-2582)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0016_JAVA-1.8.0-OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/127170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0016. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127170);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2582\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has java-1.8.0-openjdk packages installed that are affected by\nmultiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. 
It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks\n require human interaction from a person other than the\n attacker. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial denial\n of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and\n run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments,\n typically in servers, that load and run only trusted\n code (e.g., code installed by an administrator). CVSS\n 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. 
Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A remote\n attacker could possibly use this flaw to manipulate LDAP\n queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading resource\n bundle classes. A local attacker could possibly use this\n flaw to execute arbitrary code as another local user by\n making their Java application load an attacker\n controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to those\n queries. 
(CVE-2018-2599)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if it\n parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to use\n a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations\n in the JCE component of OpenJDK did not guarantee\n sufficient strength of used keys to adequately protect\n generated shared secret. This could make it easier to\n break data encryption by attacking key agreement rather\n than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can\n result in unauthorized creation, deletion or\n modification access to critical data or all Java SE,\n Java SE Embedded accessible data. 
Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on\n the Java sandbox for security. This vulnerability does\n not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code\n installed by an administrator). CVSS 3.0 Base Score 6.1\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Hotspot). Supported\n versions that are affected are Java SE: 8u152 and 9.0.1;\n Java SE Embedded: 8u151. Easily exploitable\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java\n SE, Java SE Embedded. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access\n to critical data or all Java SE, Java SE Embedded\n accessible data. Note: This vulnerability applies to\n client and server deployment of Java. This vulnerability\n can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be\n exploited by supplying data to APIs in the specified\n Component without using sandboxed Java Web Start\n applications or sandboxed Java applets, such as through\n a web service. CVSS 3.0 Base Score 6.5 (Integrity\n impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).\n (CVE-2018-2582)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. 
It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass intended\n deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle LDAP\n referrals. An attacker could possibly use this flaw to\n make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0016\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL java-1.8.0-openjdk packages. Note that updated packages may not be available yet. 
Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2637\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\",\n \"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.el7_4\"\n 
]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-20T15:05:10", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 
Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. 
A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1;\n Java SE Embedded: 8u151. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).\n (CVE-2018-2582)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. 
An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0126_JAVA-1.8.0-OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/127375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0126. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127375);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2582\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0126)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by\nmultiple vulnerabilities:\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: JNDI).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. 
It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2678)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks\n require human interaction from a person other than the\n attacker. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a partial denial\n of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and\n run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security.\n This vulnerability does not apply to Java deployments,\n typically in servers, that load and run only trusted\n code (e.g., code installed by an administrator). CVSS\n 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2677)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit\n component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u171,\n 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;\n JRockit: R28.3.16. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE\n Embedded, JRockit. 
Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Java SE, Java SE Embedded,\n JRockit. Note: This vulnerability applies to client and\n server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. It can also be exploited by\n supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or\n sandboxed Java applets, such as through a web service.\n CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS\n Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n (CVE-2018-2663)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. (CVE-2018-2579)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A remote\n attacker could possibly use this flaw to manipulate LDAP\n queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading resource\n bundle classes. A local attacker could possibly use this\n flaw to execute arbitrary code as another local user by\n making their Java application load an attacker\n controlled class file. (CVE-2018-2602)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to those\n queries. 
(CVE-2018-2599)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if it\n parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to use\n a previously freed context. (CVE-2018-2629)\n\n - It was discovered that the key agreement implementations\n in the JCE component of OpenJDK did not guarantee\n sufficient strength of used keys to adequately protect\n generated shared secret. This could make it easier to\n break data encryption by attacking key agreement rather\n than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: AWT). Supported\n versions that are affected are Java SE: 6u171, 7u161,\n 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to\n exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require\n human interaction from a person other than the attacker\n and while the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can\n result in unauthorized creation, deletion or\n modification access to critical data or all Java SE,\n Java SE Embedded accessible data. 
Note: This\n vulnerability applies to Java deployments, typically in\n clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on\n the Java sandbox for security. This vulnerability does\n not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code\n installed by an administrator). CVSS 3.0 Base Score 6.1\n (Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n (CVE-2018-2641)\n\n - Vulnerability in the Java SE, Java SE Embedded component\n of Oracle Java SE (subcomponent: Hotspot). Supported\n versions that are affected are Java SE: 8u152 and 9.0.1;\n Java SE Embedded: 8u151. Easily exploitable\n vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java\n SE, Java SE Embedded. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access\n to critical data or all Java SE, Java SE Embedded\n accessible data. Note: This vulnerability applies to\n client and server deployment of Java. This vulnerability\n can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be\n exploited by supplying data to APIs in the specified\n Component without using sandboxed Java Web Start\n applications or sandboxed Java applets, such as through\n a web service. CVSS 3.0 Base Score 6.5 (Integrity\n impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).\n (CVE-2018-2582)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. 
It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass intended\n deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle LDAP\n referrals. An attacker could possibly use this flaw to\n make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL java-1.8.0-openjdk packages. Note that updated packages may not be available yet. 
Please\ncontact ZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2637\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2633\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-debuginfo-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-javadoc-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9\",\n \"java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-16T15:29:46", "description": "This update for java-1_8_0-openjdk fixes the following issues:\nSecurity issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2582: Better interface invocations\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization cases\n\n - CVE-2018-2677: More refactoring for client deserialization cases\n\n - CVE-2018-2678: More refactoring for naming deserialization cases\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-21T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:0663-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0663-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108510", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0663-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108510);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", 
\"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:0663-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-openjdk fixes the following issues:\nSecurity issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366) :\n\n - CVE-2018-2579: Improve key keying case\n\n - CVE-2018-2582: Better interface invocations\n\n - CVE-2018-2588: Improve LDAP logins\n\n - CVE-2018-2599: Improve reliability of DNS lookups\n\n - CVE-2018-2602: Improve usage messages\n\n - CVE-2018-2603: Improve PKCS usage\n\n - CVE-2018-2618: Stricter key generation\n\n - CVE-2018-2629: Improve GSS handling\n\n - CVE-2018-2633: Improve LDAP lookup robustness\n\n - CVE-2018-2634: Improve property negotiations\n\n - CVE-2018-2637: Improve JMX supportive features\n\n - CVE-2018-2641: Improve GTK initialization\n\n - CVE-2018-2663: More refactoring for deserialization\n cases\n\n - CVE-2018-2677: More refactoring for client\n deserialization cases\n\n - CVE-2018-2678: More refactoring for naming\n deserialization cases\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2629/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # 
https://www.suse.com/support/update/announcement/2018/suse-su-20180663-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e3f4083\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-449=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-449=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-449=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-449=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-449=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-449=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-449=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-449=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", 
sp:\"3\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.161-27.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.161-27.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:10:16", "description": "Security Fix(es) :\n\n - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. 
(CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. 
(CVE-2018-2629)\n\n - It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20180117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", 
"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180117_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/106124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106124);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20180117)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in the Hotspot and AWT\n components of 
OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass certain Java\n sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle LDAP\n referrals. An attacker could possibly use this flaw to\n make it fetch attacker controlled certificate data.\n (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass intended\n deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A remote\n attacker could possibly use this flaw to manipulate LDAP\n queries performed by the LdapLoginModule class.\n (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to those\n queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading resource\n bundle classes. A local attacker could possibly use this\n flaw to execute arbitrary code as another local user by\n making their Java application load an attacker\n controlled class file. 
(CVE-2018-2602)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if it\n parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations\n in the JCE component of OpenJDK did not guarantee\n sufficient strength of used keys to adequately protect\n generated shared secret. This could make it easier to\n break data encryption by attacking key agreement rather\n than the encryption using the negotiated secret.\n (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to use\n a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the\n Libraries, AWT, and JNDI components of OpenJDK did not\n sufficiently validate input when creating object\n instances from the serialized form. A specially crafted\n input could cause a Java application to create objects\n with an inconsistent state or use an excessive amount of\n memory when deserialized. (CVE-2018-2663, CVE-2018-2677,\n CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. 
(CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=6612\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00b7937e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9\")) 
flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.el7_4\")) 
flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:14:06", "description": "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. 
It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. 
(CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2018-01-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.8.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1028.NASL", "href": "https://www.tenable.com/plugins/nessus/106403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106403);\n script_version(\"3.98\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2582\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1028)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the 
java-1.8.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Multiple flaws were found in the Hotspot and AWT\n components of OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass certain Java\n sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle\n LDAP referrals. An attacker could possibly use this\n flaw to make it fetch attacker controlled certificate\n data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. (CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass\n intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A\n remote attacker could possibly use this flaw to\n manipulate LDAP queries performed by the\n LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to\n those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading\n resource bundle classes. 
A local attacker could\n possibly use this flaw to execute arbitrary code as\n another local user by making their Java application\n load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if\n it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement\n implementations in the JCE component of OpenJDK did not\n guarantee sufficient strength of used keys to\n adequately protect generated shared secret. This could\n make it easier to break data encryption by attacking\n key agreement rather than the encryption using the\n negotiated secret. (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to\n use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the\n Libraries, AWT, and JNDI components of OpenJDK did not\n sufficiently validate input when creating object\n instances from the serialized form. A specially-crafted\n input could cause a Java application to create objects\n with an inconsistent state or use an excessive amount\n of memory when deserialized. (CVE-2018-2663,\n CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. 
(CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1028\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3be48844\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.161-0.b14\",\n \"java-1.8.0-openjdk-devel-1.8.0.161-0.b14\",\n \"java-1.8.0-openjdk-headless-1.8.0.161-0.b14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:13:25", 
"description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. 
A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. 
(CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2018:0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", 
"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/106172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0095 and \n# CentOS Errata and Security Advisory 2018:0095 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106172);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0095\");\n\n script_name(english:\"CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2018:0095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the Hotspot and AWT components of\nOpenJDK. 
An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2018-2582,\nCVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to\nproperly set the deserialization filter for the SingleEntryRegistry in\ncertain cases. A remote attacker could possibly use this flaw to\nbypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. 
A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and\nJNDI components of OpenJDK did not sufficiently validate input when\ncreating object instances from the serialized form. A specially\ncrafted input could cause a Java application to create objects with an\ninconsistent state or use an excessive amount of memory when\ndeserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. 
(CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-January/022712.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?daa1dedf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-January/022713.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4e81bd0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2599\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", 
reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", 
reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:13:27", "description": "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. 
(CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. 
A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2018-01-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2018-1027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.8.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1027.NASL", "href": "https://www.tenable.com/plugins/nessus/106402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106402);\n script_version(\"3.86\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-2579\",\n \"CVE-2018-2582\",\n \"CVE-2018-2588\",\n \"CVE-2018-2599\",\n \"CVE-2018-2602\",\n \"CVE-2018-2603\",\n \"CVE-2018-2618\",\n \"CVE-2018-2629\",\n \"CVE-2018-2633\",\n \"CVE-2018-2634\",\n \"CVE-2018-2637\",\n \"CVE-2018-2641\",\n \"CVE-2018-2663\",\n \"CVE-2018-2677\",\n \"CVE-2018-2678\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2018-1027)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.8.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Multiple flaws were found in the Hotspot and AWT\n components of OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass certain Java\n sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n - It was discovered that the LDAPCertStore class in the\n JNDI component of OpenJDK failed to securely handle\n LDAP referrals. An attacker could possibly use this\n flaw to make it fetch attacker controlled certificate\n data. (CVE-2018-2633)\n\n - The JGSS component of OpenJDK ignores the value of the\n javax.security.auth.useSubjectCredsOnly property when\n using HTTP/SPNEGO authentication and always uses global\n credentials. It was discovered that this could cause\n global credentials to be unexpectedly used by an\n untrusted Java application. 
(CVE-2018-2634)\n\n - It was discovered that the JMX component of OpenJDK\n failed to properly set the deserialization filter for\n the SingleEntryRegistry in certain cases. A remote\n attacker could possibly use this flaw to bypass\n intended deserialization restrictions. (CVE-2018-2637)\n\n - It was discovered that the LDAP component of OpenJDK\n failed to properly encode special characters in user\n names when adding them to an LDAP search query. A\n remote attacker could possibly use this flaw to\n manipulate LDAP queries performed by the\n LdapLoginModule class. (CVE-2018-2588)\n\n - It was discovered that the DNS client implementation in\n the JNDI component of OpenJDK did not use random source\n ports when sending out DNS queries. This could make it\n easier for a remote attacker to spoof responses to\n those queries. (CVE-2018-2599)\n\n - It was discovered that the I18n component of OpenJDK\n could use an untrusted search path when loading\n resource bundle classes. A local attacker could\n possibly use this flaw to execute arbitrary code as\n another local user by making their Java application\n load an attacker controlled class file. (CVE-2018-2602)\n\n - It was discovered that the Libraries component of\n OpenJDK failed to sufficiently limit the amount of\n memory allocated when reading DER encoded input. A\n remote attacker could possibly use this flaw to make a\n Java application use an excessive amount of memory if\n it parsed attacker supplied DER encoded input.\n (CVE-2018-2603)\n\n - It was discovered that the key agreement\n implementations in the JCE component of OpenJDK did not\n guarantee sufficient strength of used keys to\n adequately protect generated shared secret. This could\n make it easier to break data encryption by attacking\n key agreement rather than the encryption using the\n negotiated secret. 
(CVE-2018-2618)\n\n - It was discovered that the JGSS component of OpenJDK\n failed to properly handle GSS context in the native GSS\n library wrapper in certain cases. A remote attacker\n could possibly make a Java application using JGSS to\n use a previously freed context. (CVE-2018-2629)\n\n - It was discovered that multiple classes in the\n Libraries, AWT, and JNDI components of OpenJDK did not\n sufficiently validate input when creating object\n instances from the serialized form. A specially-crafted\n input could cause a Java application to create objects\n with an inconsistent state or use an excessive amount\n of memory when deserialized. (CVE-2018-2663,\n CVE-2018-2677, CVE-2018-2678)\n\n - It was discovered that multiple encryption key classes\n in the Libraries component of OpenJDK did not properly\n synchronize access to their internal data. This could\n possibly cause a multi-threaded Java application to\n apply weak encryption to data because of the use of a\n key that was zeroed out. (CVE-2018-2579)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1027\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c3a4c7c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.161-0.b14\",\n \"java-1.8.0-openjdk-devel-1.8.0.161-0.b14\",\n \"java-1.8.0-openjdk-headless-1.8.0.161-0.b14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:14:09", 
"description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. 
A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. 
(CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2018:0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug", 
"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/106122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0095. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106122);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0095\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2018:0095)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the Hotspot and AWT components of\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2018-2582,\nCVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to\nproperly set the deserialization filter for the SingleEntryRegistry in\ncertain cases. A remote attacker could possibly use this flaw to\nbypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. 
(CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and\nJNDI components of OpenJDK did not sufficiently validate input when\ncreating object instances from the serialized form. A specially\ncrafted input could cause a Java application to create objects with an\ninconsistent state or use an excessive amount of memory when\ndeserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. 
(CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0095\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:52:08", "description": "It was discovered that a race condition existed in the cryptography implementation in OpenJDK. 
An attacker could possibly use this to expose sensitive information. (CVE-2018-2579)\n\nIt was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources.\n(CVE-2018-2582)\n\nIt was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. (CVE-2018-2588)\n\nIt was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications.\n(CVE-2018-2599)\n\nIt was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource bundle classes. A local attacker could use this to trick a user into running malicious code. (CVE-2018-2602)\n\nIt was discovered that OpenJDK did not properly restrict memory allocations when parsing DER input. A remote attacker could possibly use this to cause a denial of service. (CVE-2018-2603)\n\nIt was discovered that the Java Cryptography Extension (JCE) implementation in OpenJDK in some situations did guarantee sufficient strength of keys during key agreement. An attacker could use this to expose sensitive information. (CVE-2018-2618)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some situations did not properly handle GSS contexts in the native GSS library. An attacker could possibly use this to access unauthorized resources. (CVE-2018-2629)\n\nIt was discovered that the LDAP implementation in OpenJDK did not properly handle LDAP referrals in some situations. An attacker could possibly use this to expose sensitive information or gain unauthorized privileges. (CVE-2018-2633)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some situations did not properly apply subject credentials. 
An attacker could possibly use this to expose sensitive information or gain access to unauthorized resources. (CVE-2018-2634)\n\nIt was discovered that the Java Management Extensions (JMX) component of OpenJDK did not properly apply deserialization filters in some situations. An attacker could use this to bypass deserialization restrictions. (CVE-2018-2637)\n\nIt was discovered that a use-after-free vulnerability existed in the AWT component of OpenJDK when loading the GTK library. An attacker could possibly use this to execute arbitrary code and escape Java sandbox restrictions. (CVE-2018-2641)\n\nIt was discovered that in some situations OpenJDK did not properly validate objects when performing deserialization. An attacker could use this to cause a denial of service (application crash or excessive memory consumption). (CVE-2018-2663)\n\nIt was discovered that the AWT component of OpenJDK did not properly restrict the amount of memory allocated when deserializing some objects. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2677)\n\nIt was discovered that the JNDI component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects in some situations. An attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2018-2678).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : openjdk-8 vulnerabilities (USN-3613-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3613-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108793", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3613-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108793);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"USN\", value:\"3613-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : openjdk-8 vulnerabilities (USN-3613-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a race condition existed in the cryptography\nimplementation in OpenJDK. An attacker could possibly use this to\nexpose sensitive information. (CVE-2018-2579)\n\nIt was discovered that the Hotspot component of OpenJDK did not\nproperly validate uses of the invokeinterface JVM instruction. An\nattacker could possibly use this to access unauthorized resources.\n(CVE-2018-2582)\n\nIt was discovered that the LDAP implementation in OpenJDK did not\nproperly encode login names. A remote attacker could possibly use this\nto expose sensitive information. (CVE-2018-2588)\n\nIt was discovered that the DNS client implementation in OpenJDK did\nnot properly randomize source ports. A remote attacker could use this\nto spoof responses to DNS queries made by Java applications.\n(CVE-2018-2599)\n\nIt was discovered that the Internationalization component of OpenJDK\ndid not restrict search paths when loading resource bundle classes. A\nlocal attacker could use this to trick a user into running malicious\ncode. 
(CVE-2018-2602)\n\nIt was discovered that OpenJDK did not properly restrict memory\nallocations when parsing DER input. A remote attacker could possibly\nuse this to cause a denial of service. (CVE-2018-2603)\n\nIt was discovered that the Java Cryptography Extension (JCE)\nimplementation in OpenJDK in some situations did guarantee sufficient\nstrength of keys during key agreement. An attacker could use this to\nexpose sensitive information. (CVE-2018-2618)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some\nsituations did not properly handle GSS contexts in the native GSS\nlibrary. An attacker could possibly use this to access unauthorized\nresources. (CVE-2018-2629)\n\nIt was discovered that the LDAP implementation in OpenJDK did not\nproperly handle LDAP referrals in some situations. An attacker could\npossibly use this to expose sensitive information or gain unauthorized\nprivileges. (CVE-2018-2633)\n\nIt was discovered that the Java GSS implementation in OpenJDK in some\nsituations did not properly apply subject credentials. An attacker\ncould possibly use this to expose sensitive information or gain access\nto unauthorized resources. (CVE-2018-2634)\n\nIt was discovered that the Java Management Extensions (JMX) component\nof OpenJDK did not properly apply deserialization filters in some\nsituations. An attacker could use this to bypass deserialization\nrestrictions. (CVE-2018-2637)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAWT component of OpenJDK when loading the GTK library. An attacker\ncould possibly use this to execute arbitrary code and escape Java\nsandbox restrictions. (CVE-2018-2641)\n\nIt was discovered that in some situations OpenJDK did not properly\nvalidate objects when performing deserialization. An attacker could\nuse this to cause a denial of service (application crash or excessive\nmemory consumption). 
(CVE-2018-2663)\n\nIt was discovered that the AWT component of OpenJDK did not properly\nrestrict the amount of memory allocated when deserializing some\nobjects. An attacker could use this to cause a denial of service\n(excessive memory consumption). (CVE-2018-2677)\n\nIt was discovered that the JNDI component of OpenJDK did not properly\nrestrict the amount of memory allocated when deserializing objects in\nsome situations. An attacker could use this to cause a denial of\nservice (excessive memory consumption). (CVE-2018-2678).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3613-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jdk\", pkgver:\"8u162-b12-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jdk-headless\", pkgver:\"8u162-b12-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre\", pkgver:\"8u162-b12-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u162-b12-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-jamvm\", pkgver:\"8u162-b12-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u162-b12-0ubuntu0.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"openjdk-8-jdk\", pkgver:\"8u162-b12-0ubuntu0.17.10.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"openjdk-8-jdk-headless\", pkgver:\"8u162-b12-0ubuntu0.17.10.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"openjdk-8-jre\", pkgver:\"8u162-b12-0ubuntu0.17.10.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u162-b12-0ubuntu0.17.10.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u162-b12-0ubuntu0.17.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk-8-jdk / openjdk-8-jdk-headless / openjdk-8-jre / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:51:04", 
"description": "SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)\n\nIt was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\nLoading of classes from untrusted locations (I18n, 8182601)\n\nIt was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\nLdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)\n\nIt was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\nArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.\nSuccessful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2663)\n\nInsufficient validation of the invokeinterface instruction (Hotspot, 8174962)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker.\nSuccessful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (CVE-2018-2582)\n\nGTK library loading use-after-free (AWT, 8185325)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n(CVE-2018-2641)\n\nLDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)\n\nIt was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\nInsufficient strength of key agreement (JCE, 8185292)\n\nIt was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\nUnsynchronized access to encryption key data (Libraries, 8172525)\n\nIt was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nUnbounded memory allocation during deserialization (AWT, 8190289)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\nNote: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts).\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n(CVE-2018-2677)\n\nDerValue unbounded memory allocation (Libraries, 8182387)\n\nIt was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\nUnbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. 
Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2678)\n\nUse of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n\nThe JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\nGSS context use-after-free (JGSS, 8186212)\n\nIt was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\nDnsClient missing source port randomization (JNDI, 8182125)\n\nIt was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. 
(CVE-2018-2599)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-04-18T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-949.NASL", "href": "https://www.tenable.com/plugins/nessus/109121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-949.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109121);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2579\", 
\"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"ALAS\", value:\"2018-949\");\n\n script_name(english:\"Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2018-949)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SingleEntryRegistry incorrect setup of deserialization filter (JMX,\n8186998)\n\nIt was discovered that the JMX component of OpenJDK failed to properly\nset the deserialization filter for the SingleEntryRegistry in certain\ncases. A remote attacker could possibly use this flaw to bypass\nintended deserialization restrictions. (CVE-2018-2637)\n\nLoading of classes from untrusted locations (I18n, 8182601)\n\nIt was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\nLdapLoginModule insufficient username encoding in LDAP query (LDAP,\n8178449)\n\nIt was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\nArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of\nOracle Java SE (subcomponent: Libraries). 
Easily exploitable\nvulnerability allows unauthenticated attacker with network access via\nmultiple protocols to compromise Java SE, Java SE Embedded, JRockit.\nSuccessful attacks require human interaction from a person other than\nthe attacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability\napplies to client and server deployment of Java. This vulnerability\ncan be exploited through sandboxed Java Web Start applications and\nsandboxed Java applets. It can also be exploited by supplying data to\nAPIs in the specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2663)\n\nInsufficient validation of the invokeinterface instruction (Hotspot,\n8174962)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Hotspot). Easily exploitable vulnerability\nallows unauthenticated attacker with network access via multiple\nprotocols to compromise Java SE, Java SE Embedded. Successful attacks\nrequire human interaction from a person other than the attacker.\nSuccessful attacks of this vulnerability can result in unauthorized\ncreation, deletion or modification access to critical data or all Java\nSE, Java SE Embedded accessible data. Note: This vulnerability applies\nto client and server deployment of Java. This vulnerability can be\nexploited through sandboxed Java Web Start applications and sandboxed\nJava applets. It can also be exploited by supplying data to APIs in\nthe specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 6.5 (Integrity impacts). 
CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (CVE-2018-2582)\n\nGTK library loading use-after-free (AWT, 8185325)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: AWT). Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks require human\ninteraction from a person other than the attacker and while the\nvulnerability is in Java SE, Java SE Embedded, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in unauthorized creation, deletion or\nmodification access to critical data or all Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets, that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability does not apply to Java deployments,\ntypically in servers, that load and run only trusted code (e.g., code\ninstalled by an administrator). CVSS 3.0 Base Score 6.1 (Integrity\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n(CVE-2018-2641)\n\nLDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)\n\nIt was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\nInsufficient strength of key agreement (JCE, 8185292)\n\nIt was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. 
This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\nUnsynchronized access to encryption key data (Libraries, 8172525)\n\nIt was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. (CVE-2018-2579)\n\nUnbounded memory allocation during deserialization (AWT, 8190289)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: AWT). Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks require human\ninteraction from a person other than the attacker. Successful attacks\nof this vulnerability can result in unauthorized ability to cause a\npartial denial of service (partial DOS) of Java SE, Java SE Embedded.\nNote: This vulnerability applies to Java deployments, typically in\nclients running sandboxed Java Web Start applications or sandboxed\nJava applets, that load and run untrusted code (e.g., code that comes\nfrom the internet) and rely on the Java sandbox for security. This\nvulnerability does not apply to Java deployments, typically in\nservers, that load and run only trusted code (e.g., code installed by\nan administrator). CVSS 3.0 Base Score 4.3 (Availability impacts).\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n(CVE-2018-2677)\n\nDerValue unbounded memory allocation (Libraries, 8182387)\n\nIt was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. 
A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\nUnbounded memory allocation in BasicAttributes deserialization (JNDI,\n8191142)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of\nOracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability\nallows unauthenticated attacker with network access via multiple\nprotocols to compromise Java SE, Java SE Embedded, JRockit. Successful\nattacks require human interaction from a person other than the\nattacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability\napplies to client and server deployment of Java. This vulnerability\ncan be exploited through sandboxed Java Web Start applications and\nsandboxed Java applets. It can also be exploited by supplying data to\nAPIs in the specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2678)\n\nUse of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n\nThe JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\nGSS context use-after-free (JGSS, 8186212)\n\nIt was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. 
A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\nDnsClient missing source port randomization (JNDI, 8182125)\n\nIt was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. (CVE-2018-2599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-949.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.8.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", 
cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:15:35", "description": "SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)\n\nIt was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. 
(CVE-2018-2637)\n\nLoading of classes from untrusted locations (I18n, 8182601)\n\nIt was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\nLdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)\n\nIt was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\nArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.\nSuccessful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). 
(CVE-2018-2663)\n\nInsufficient validation of the invokeinterface instruction (Hotspot, 8174962)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker.\nSuccessful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (CVE-2018-2582)\n\nGTK library loading use-after-free (AWT, 8185325)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n(CVE-2018-2641)\n\nLDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)\n\nIt was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\nInsufficient strength of key agreement (JCE, 8185292)\n\nIt was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\nUnsynchronized access to encryption key data (Libraries, 8172525)\n\nIt was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nUnbounded memory allocation during deserialization (AWT, 8190289)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\nNote: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts).\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n(CVE-2018-2677)\n\nDerValue unbounded memory allocation (Libraries, 8182387)\n\nIt was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\nUnbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2678)\n\nUse of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n\nThe JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\nGSS context use-after-free (JGSS, 8186212)\n\nIt was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\nDnsClient missing source port randomization (JNDI, 8182125)\n\nIt was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. 
(CVE-2018-2599)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-02-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.8.0-openjdk", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-949.NASL", "href": "https://www.tenable.com/plugins/nessus/106694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-949.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106694);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"ALAS\", value:\"2018-949\");\n\n script_name(english:\"Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-949)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", 
\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SingleEntryRegistry incorrect setup of deserialization filter (JMX,\n8186998)\n\nIt was discovered that the JMX component of OpenJDK failed to properly\nset the deserialization filter for the SingleEntryRegistry in certain\ncases. A remote attacker could possibly use this flaw to bypass\nintended deserialization restrictions. (CVE-2018-2637)\n\nLoading of classes from untrusted locations (I18n, 8182601)\n\nIt was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\nLdapLoginModule insufficient username encoding in LDAP query (LDAP,\n8178449)\n\nIt was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\nArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of\nOracle Java SE (subcomponent: Libraries). Easily exploitable\nvulnerability allows unauthenticated attacker with network access via\nmultiple protocols to compromise Java SE, Java SE Embedded, JRockit.\nSuccessful attacks require human interaction from a person other than\nthe attacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability\napplies to client and server deployment of Java. 
This vulnerability\ncan be exploited through sandboxed Java Web Start applications and\nsandboxed Java applets. It can also be exploited by supplying data to\nAPIs in the specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2663)\n\nInsufficient validation of the invokeinterface instruction (Hotspot,\n8174962)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: Hotspot). Easily exploitable vulnerability\nallows unauthenticated attacker with network access via multiple\nprotocols to compromise Java SE, Java SE Embedded. Successful attacks\nrequire human interaction from a person other than the attacker.\nSuccessful attacks of this vulnerability can result in unauthorized\ncreation, deletion or modification access to critical data or all Java\nSE, Java SE Embedded accessible data. Note: This vulnerability applies\nto client and server deployment of Java. This vulnerability can be\nexploited through sandboxed Java Web Start applications and sandboxed\nJava applets. It can also be exploited by supplying data to APIs in\nthe specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). (CVE-2018-2582)\n\nGTK library loading use-after-free (AWT, 8185325)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: AWT). Difficult to exploit vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. 
Successful attacks require human\ninteraction from a person other than the attacker and while the\nvulnerability is in Java SE, Java SE Embedded, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in unauthorized creation, deletion or\nmodification access to critical data or all Java SE, Java SE Embedded\naccessible data. Note: This vulnerability applies to Java deployments,\ntypically in clients running sandboxed Java Web Start applications or\nsandboxed Java applets, that load and run untrusted code (e.g., code\nthat comes from the internet) and rely on the Java sandbox for\nsecurity. This vulnerability does not apply to Java deployments,\ntypically in servers, that load and run only trusted code (e.g., code\ninstalled by an administrator). CVSS 3.0 Base Score 6.1 (Integrity\nimpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).\n(CVE-2018-2641)\n\nLDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)\n\nIt was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\nInsufficient strength of key agreement (JCE, 8185292)\n\nIt was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\nUnsynchronized access to encryption key data (Libraries, 8172525)\n\nIt was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. 
This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. (CVE-2018-2579)\n\nUnbounded memory allocation during deserialization (AWT, 8190289)\n\nVulnerability in the Java SE, Java SE Embedded component of Oracle\nJava SE (subcomponent: AWT). Easily exploitable vulnerability allows\nunauthenticated attacker with network access via multiple protocols to\ncompromise Java SE, Java SE Embedded. Successful attacks require human\ninteraction from a person other than the attacker. Successful attacks\nof this vulnerability can result in unauthorized ability to cause a\npartial denial of service (partial DOS) of Java SE, Java SE Embedded.\nNote: This vulnerability applies to Java deployments, typically in\nclients running sandboxed Java Web Start applications or sandboxed\nJava applets, that load and run untrusted code (e.g., code that comes\nfrom the internet) and rely on the Java sandbox for security. This\nvulnerability does not apply to Java deployments, typically in\nservers, that load and run only trusted code (e.g., code installed by\nan administrator). CVSS 3.0 Base Score 4.3 (Availability impacts).\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).\n(CVE-2018-2677)\n\nDerValue unbounded memory allocation (Libraries, 8182387)\n\nIt was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\nUnbounded memory allocation in BasicAttributes deserialization (JNDI,\n8191142)\n\nVulnerability in the Java SE, Java SE Embedded, JRockit component of\nOracle Java SE (subcomponent: JNDI). 
Easily exploitable vulnerability\nallows unauthenticated attacker with network access via multiple\nprotocols to compromise Java SE, Java SE Embedded, JRockit. Successful\nattacks require human interaction from a person other than the\nattacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial\nDOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability\napplies to client and server deployment of Java. This vulnerability\ncan be exploited through sandboxed Java Web Start applications and\nsandboxed Java applets. It can also be exploited by supplying data to\nAPIs in the specified Component without using sandboxed Java Web Start\napplications or sandboxed Java applets, such as through a web service.\nCVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). (CVE-2018-2678)\n\nUse of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n\nThe JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\nGSS context use-after-free (JGSS, 8186212)\n\nIt was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\nDnsClient missing source port randomization (JNDI, 8182125)\n\nIt was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. 
(CVE-2018-2599)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-949.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.8.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.36.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:12:47", "description": "From Red Hat Security Advisory 2018:0095 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. 
(CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. 
A remote attacker could possibly make a Java application using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2018-0095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.8.0-openjdk", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel", 
"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/106119", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0095 and \n# Oracle Linux Security Advisory ELSA-2018-0095 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106119);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0095\");\n\n script_name(english:\"Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2018-0095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0095 :\n\nAn update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a 
security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the Hotspot and AWT components of\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2018-2582,\nCVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component\nof OpenJDK failed to securely handle LDAP referrals. An attacker could\npossibly use this flaw to make it fetch attacker controlled\ncertificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the\njavax.security.auth.useSubjectCredsOnly property when using\nHTTP/SPNEGO authentication and always uses global credentials. It was\ndiscovered that this could cause global credentials to be unexpectedly\nused by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to\nproperly set the deserialization filter for the SingleEntryRegistry in\ncertain cases. A remote attacker could possibly use this flaw to\nbypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to\nproperly encode special characters in user names when adding them to\nan LDAP search query. A remote attacker could possibly use this flaw\nto manipulate LDAP queries performed by the LdapLoginModule class.\n(CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI\ncomponent of OpenJDK did not use random source ports when sending out\nDNS queries. This could make it easier for a remote attacker to spoof\nresponses to those queries. 
(CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an\nuntrusted search path when loading resource bundle classes. A local\nattacker could possibly use this flaw to execute arbitrary code as\nanother local user by making their Java application load an attacker\ncontrolled class file. (CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to\nsufficiently limit the amount of memory allocated when reading DER\nencoded input. A remote attacker could possibly use this flaw to make\na Java application use an excessive amount of memory if it parsed\nattacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE\ncomponent of OpenJDK did not guarantee sufficient strength of used\nkeys to adequately protect generated shared secret. This could make it\neasier to break data encryption by attacking key agreement rather than\nthe encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to\nproperly handle GSS context in the native GSS library wrapper in\ncertain cases. A remote attacker could possibly make a Java\napplication using JGSS to use a previously freed context.\n(CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and\nJNDI components of OpenJDK did not sufficiently validate input when\ncreating object instances from the serialized form. A specially\ncrafted input could cause a Java application to create objects with an\ninconsistent state or use an excessive amount of memory when\ndeserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the\nLibraries component of OpenJDK did not properly synchronize access to\ntheir internal data. This could possibly cause a multi-threaded Java\napplication to apply weak encryption to data because of the use of a\nkey that was zeroed out. 
(CVE-2018-2579)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007460.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-3.b14.el6_9\")) 
flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-3.b14.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-3.b14.el6_9\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.161-0.b14.el7_4\")) 
flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.161-0.b14.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.161-0.b14.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:29:45", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-19T00:00:00", "type": "nessus", "title": "Debian DSA-4144-1 : openjdk-8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-8", 
"cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4144.NASL", "href": "https://www.tenable.com/plugins/nessus/108421", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4144. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108421);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"DSA\", value:\"4144\");\n\n script_name(english:\"Debian DSA-4144-1 : openjdk-8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in denial of\nservice, sandbox bypass, execution of arbitrary code, incorrect\nLDAP/GSS authentication, insecure use of cryptography or bypass of\ndeserialisation restrictions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4144\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-8 packages.\n\nFor the 
stable distribution (stretch), these problems have been fixed\nin version 8u162-b12-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-dbg\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-demo\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-doc\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk-headless\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre\", 
reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-headless\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-zero\", reference:\"8u162-b12-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-source\", reference:\"8u162-b12-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:13:28", "description": "An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 181.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. 
(CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.6.0-sun (RHSA-2018:0115)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4"], "id": "REDHAT-RHSA-2018-0115.NASL", "href": "https://www.tenable.com/plugins/nessus/106256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0115. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106256);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:0115\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.6.0-sun (RHSA-2018:0115)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.6.0-sun is now available for Oracle Java for Red\nHat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 6 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 181.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. 
(CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602,\nCVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633,\nCVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663,\nCVE-2018-2677, CVE-2018-2678)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae82f1b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/java/javase/documentation/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0115\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.1.el6\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.181-1jpp.1.el6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.181-1jpp.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.181-1jpp.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:58:53", "description": "An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125) (CVE-2018-2599)\n\n* OpenJDK: 
loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-06-08T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.1-ibm (RHSA-2018:1812)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1812.NASL", "href": "https://www.tenable.com/plugins/nessus/110405", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1812. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110405);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2581\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n script_xref(name:\"RHSA\", value:\"2018:1812\");\n\n script_name(english:\"RHEL 6 : java-1.7.1-ibm (RHSA-2018:1812)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Satellite\n5.6 and Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es) :\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI,\n8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)\n(CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization\nfilter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325)\n(CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and\n9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP\nquery (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)\n(CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601)\n(CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)\n(CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292)\n(CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171\n(Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state\n(Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT,\n8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes\ndeserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries,\n8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a\nCVSS 
score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.7.1-ibm and / or java-1.7.1-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1812\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.20-1jpp.3.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-devel\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:17:59", "description": "This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue 
with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the proper file system locations. Without those symlinks, several OES iManager plugins did not function properly.\n [bsc#1085018]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0743-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/108482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0743-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108482);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm fixes the following issue: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n 
jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. [bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the\n proper file system locations. Without those symlinks,\n several OES iManager plugins did not function properly.\n [bsc#1085018]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180743-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e573633\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-498=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-498=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-498=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-498=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-498=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:20:53", "description": "This update for java-1_7_0-ibm provides the following fixes: The version was updated to 7.0.10.20 [bsc#1082810] :\n\n - Following security issues were fixed :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: 
Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0645-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0645-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0645-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107288);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", 
\"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0645-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-ibm provides the following fixes: The\nversion was updated to 7.0.10.20 [bsc#1082810] :\n\n - Following security issues were fixed :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with 
same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180645-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45cb336f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-java-1_7_0-ibm-13503=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-java-1_7_0-ibm-13503=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-devel-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr10.20-65.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr10.20-65.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:40:02", "description": "This update for java-1_7_1-ibm fixes the following issues: The version was updated to 7.1.4.20 [bsc#1082810]\n\n - 
Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR 110991601735. 
[bsc#966304]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0694-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0694-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0694-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108400);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0694-1)\");\n script_summary(english:\"Checks rpm output for the updated 
packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm fixes the following issues: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed 
jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. [bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180694-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95900a6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-475=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-475=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-475=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-475=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:40:08", "description": "This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to 
tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-03-08T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107213);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm provides the following fix: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180630-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d88d6af2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-java-1_7_1-ibm-13500=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-java-1_7_1-ibm-13500=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-26.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-16T15:14:07", "description": "An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "cvss3": {"score": 8.3, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783"], "modified": "2021-03-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4"], "id": "REDHAT-RHSA-2018-0100.NASL", "href": 
"https://www.tenable.com/plugins/nessus/106183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0100. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106183);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2581\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\", \"CVE-2018-2783\");\n script_xref(name:\"RHSA\", value:\"2018:0100\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599,\nCVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629,\nCVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641,\nCVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae82f1b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/java/javaseproducts/documentation/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0100\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-04-08T14:52:28", "description": "This update for java-1_8_0-ibm fixes the following issues :\n\n - Removed java-1_8_0-ibm-alsa and java-1_8_0-ibm-plugin entries in baselibs.conf due to errors in osc source_validator Version update to 8.0.5.10 [bsc#1082810]\n\n - Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ02608 Class Libraries: Change of namespace definitions with handlers that implement javax.xml.ws.handler.soap.soaphandler\n\n - IJ04280 Class Libraries: Deploy Upgrade to Oracle level 8u161-b12\n\n - IJ03390 Class Libraries: JCL Upgrade to Oracle level 8u161-b12\n\n - IJ04001 Class Libraries: Performance improvement with child process on AIX\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03440 Java Virtual Machine: Assertion failure during class creation\n\n - IJ03717 Java Virtual Machine: Assertion for gencon with concurrent scavenger on ZOS64\n\n - IJ03513 Java Virtual Machine: Assertion in concurrent scavenger if initial heap memory size -Xms is set too low\n\n - IJ03994 Java Virtual Machine: 
Class.getmethods() does not return all methods\n\n - IJ03413 Java Virtual Machine: Hang creating thread after redefining classes\n\n - IJ03852 Java Virtual Machine: ICH408I message when groupaccess is specified with -xshareclasses\n\n - IJ03716 Java Virtual Machine: java/lang/linkageerror from sun/misc/unsafe.defineanonymousclass()\n\n - IJ03116 Java Virtual Machine: java.fullversion string contains an extra space\n\n - IJ03347 Java Virtual Machine:\n java.lang.IllegalStateException in related class MemoryMXBean\n\n - IJ03878 Java Virtual Machine:\n java.lang.StackOverflowError is thrown when custom security manager in place\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ04248 JIT Compiler: ArrayIndexOutOfBoundsException is thrown when converting BigDecimal to String\n\n - IJ04250 JIT Compiler: Assertion failure with concurrentScavenge on Z14\n\n - IJ03606 JIT Compiler: Java crashes with -version\n\n - IJ04251 JIT Compiler: JIT compiled method that takes advantage of AutoSIMD produces an incorrect result on x86\n\n - IJ03854 JIT Compiler: JVM info message appears in stdout\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ03715 Security: Add additional support for the IBMJCEPlus provider, add support for new IBMJCEPlusFIPS provider\n\n - IJ03800 Security: A fix in CMS provider for KDB integrity\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl –\n 
SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - PI93233 z/OS Extensions: Cipher.doFinal() fails when using AES/GCM/nopadding with AAD data of 13 bytes and a block size of 4081 to 4096\n\n - Fixes in 8.0.5.7 :\n\n - IJ02605 Class Libraries: Update IBM-1371 charset with new specification support\n\n - IJ02541 Java Virtual Machine: Assertions in GC when jvmti runs with Concurrent Scavenger\n\n - IJ02443 Java Virtual Machine: Committed eden region size is bigger than maximum eden region size\n\n - IJ02378 Java Virtual Machine: Existing signal action for SIG_IGN/SIG_DFL is not detected properly\n\n - IJ02758 JIT Compiler: Crash in JIT module during method compilation\n\n - IJ02733 JIT Compiler: Crash in jit