Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2023 Tenable Network Security, Inc.AIX_JAVA_OCT2016_ADVISORY.NASL
HistoryFeb 07, 2017 - 12:00 a.m.

AIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)

2017-02-0700:00:00
This script is Copyright (C) 2017-2023 Tenable Network Security, Inc.
www.tenable.com
106
JSON

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents :

  • An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5542)

  • An unspecified flaw exists in the JMX subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-5554)

  • An unspecified flaw exists in the 2D subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5556)

  • An unspecified flaw exists in the AWT subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5568)

  • An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.
    (CVE-2016-5597)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(97051);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/21");

  script_cve_id(
    "CVE-2016-5542",
    "CVE-2016-5554",
    "CVE-2016-5556",
    "CVE-2016-5568",
    "CVE-2016-5573",
    "CVE-2016-5597"
  );
  script_bugtraq_id(
    93618,
    93621,
    93623,
    93628,
    93636,
    93637,
    93643
  );
  script_xref(name:"EDB-ID", value:"118073");

  script_name(english:"AIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)");
  script_summary(english:"Checks the version of the Java package.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Java SDK installed on the remote AIX host is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Java SDK installed on the remote AIX host is affected
by multiple vulnerabilities in the following subcomponents :

  - An unspecified flaw exists in the Libraries subcomponent
    that allows an unauthenticated, remote attacker to
    impact integrity. (CVE-2016-5542)

  - An unspecified flaw exists in the JMX subcomponent that
    allows an unauthenticated, remote attacker to impact
    integrity. (CVE-2016-5554)

  - An unspecified flaw exists in the 2D subcomponent that
    allows an unauthenticated, remote attacker to execute
    arbitrary code. (CVE-2016-5556)

  - An unspecified flaw exists in the AWT subcomponent that
    allows an unauthenticated, remote attacker to execute
    arbitrary code. (CVE-2016-5568)

  - An unspecified flaw exists in the Networking
    subcomponent that allows an unauthenticated, remote
    attacker to disclose sensitive information.
    (CVE-2016-5597)");
  # https://aix.software.ibm.com/aix/efixes/security/java_oct2016_advisory.asc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5c188e0d");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+32-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce533d8f");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=6.0.0.0&platform=AIX+64-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17d05c61");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4595696");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9abd5252");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ee03dc1");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f7a066c");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52d4ddf3");
  # https://www-945.ibm.com/support/fixcentral/swg/selectFixes?
  # parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?343fa903");
  # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
  script_set_attribute(attribute:"solution", value:
"Fixes are available by version and can be downloaded from the IBM AIX
website.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/07");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"AIX Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("aix.inc");
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
oslevel = get_kb_item_or_exit("Host/AIX/version");
if ( oslevel != "AIX-5.3" && oslevel != "AIX-6.1" && oslevel != "AIX-7.1" && oslevel != "AIX-7.2" )
{
  oslevel = ereg_replace(string:oslevel, pattern:"-", replace:" ");
  audit(AUDIT_OS_NOT, "AIX 5.3 / 6.1 / 7.1 / 7.2", oslevel);
}

if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

#Java6 6.0.0.635
if (aix_check_package(release:"5.3", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"6.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java6.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"5.3", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"6.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java6_64.sdk", minpackagever:"6.0.0.0", maxpackagever:"6.0.0.634", fixpackagever:"6.0.0.635") > 0) flag++;

#Java7 7.0.0.560
if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.0.0.0", maxpackagever:"7.0.0.559", fixpackagever:"7.0.0.560") > 0) flag++;

#Java7.1 7.1.0.360
if (aix_check_package(release:"6.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java7.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
if (aix_check_package(release:"6.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java7_64.sdk", minpackagever:"7.1.0.0", maxpackagever:"7.1.0.359", fixpackagever:"7.1.0.360") > 0) flag++;

#Java8.0 8.0.0.321
if (aix_check_package(release:"6.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java8.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
if (aix_check_package(release:"6.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
if (aix_check_package(release:"7.1", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;
if (aix_check_package(release:"7.2", package:"Java8_64.sdk", minpackagever:"8.0.0.0", maxpackagever:"8.0.0.320", fixpackagever:"8.0.0.321") > 0) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : aix_report_get()
  );
}
else
{
  tested = aix_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Java6 / Java7 / Java8");
}
VendorProductVersionCPE
ibmaixcpe:/o:ibm:aix
oraclejrecpe:/a:oracle:jre
oraclejdkcpe:/a:oracle:jdk

Related

nessus 50
suse 9
openvas 30
ibm 71
redhat 10
f5 1
aix 1
gentoo 2
kaspersky 1
centos 3
ubuntu 3
amazon 3
mageia 1
oraclelinux 3
debian 2
photon 1
redhatcve 1
zdi 1
prion 1
cve 2
debiancve 1
ubuntucve 1
veracode 1
nessus
nessus
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3040-1)
2016-12-07 00:00:00
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:3068-1)
2016-12-12 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)
2016-12-12 00:00:00
suse
suse
Security update for java-1_6_0-ibm (important)
2016-12-05 18:07:46
Security update for java-1_7_1-ibm (important)
2016-12-07 20:07:14
Security update for java-1_7_0-ibm (important)
2016-12-09 18:10:37
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:3041-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3068-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3078-1)
2021-04-19 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
2018-06-23 05:57:07
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, and CVE-2016-5542)
2018-06-16 21:47:52
Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time
2018-06-15 07:06:29
redhat
redhat
(RHSA-2016:2138) Critical: java-1.7.0-ibm security update
2016-11-02 00:00:00
(RHSA-2016:2137) Critical: java-1.7.1-ibm security update
2016-11-02 10:42:12
(RHSA-2016:2659) Critical: java-1.6.0-ibm security update
2016-11-07 00:00:00
f5
f5
K63427774 : Multiple Oracle Java SE vulnerabilities
2017-01-12 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-12-21 14:38:46
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-11-04 00:00:00
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
kaspersky
kaspersky
KLA10887 Multiple vulnerabilities in Oracle Java SE
2016-10-19 00:00:00
centos
centos
java security update
2017-01-12 15:48:29
java security update
2016-11-12 06:29:49
java security update
2016-10-19 14:40:38
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2016-11-17 00:00:00
OpenJDK 6 vulnerabilities
2016-12-08 00:00:00
OpenJDK 8 vulnerabilities
2016-11-03 00:00:00
amazon
amazon
Critical: java-1.8.0-openjdk
2016-10-27 17:00:00
Important: java-1.7.0-openjdk
2016-11-18 12:30:00
Important: java-1.6.0-openjdk
2017-02-06 18:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-10-26 02:11:42
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-10-19 00:00:00
java-1.6.0-openjdk security update
2017-01-12 00:00:00
java-1.7.0-openjdk security update
2016-11-09 00:00:00
debian
debian
[SECURITY] [DLA 704-1] openjdk-7 security update
2016-11-06 23:22:35
[SECURITY] [DSA 3707-1] openjdk-7 security update
2016-11-07 18:31:05
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0015
2016-12-29 00:00:00
redhatcve
redhatcve
CVE-2016-5568
2016-10-18 20:17:49
zdi
zdi
Oracle Java Runtime Environment java.awt.Menu Use-After-Free Remote Code Execution Vulnerability
2016-11-01 00:00:00
prion
prion
Buffer overflow
2016-10-25 14:30:00
cve
cve
CVE-2016-5568
2016-10-25 14:30:00
CVE-2016-5542
2016-10-25 14:30:00
debiancve
debiancve
CVE-2016-5568
2016-10-25 14:30:00
ubuntucve
ubuntucve
CVE-2016-5568
2016-10-25 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:51:05
JSON
Related for AIX_JAVA_OCT2016_ADVISORY.NASL
nessus50suse9openvas30ibm71redhat10f51aix1gentoo2kaspersky1centos3ubuntu3amazon3mageia1oraclelinux3debian2photon1redhatcve1zdi1prion1cve2debiancve1ubuntucve1veracode1