Lucene search
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.ALA_ALAS-2013-151.NASLHistorySep 04, 2013 - 12:00 a.m.
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-151)
2013-09-0400:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
16
Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-151.
#
include("compat.inc");
if (description)
{
script_id(69710);
script_version("1.5");
script_cvs_date("Date: 2018/04/18 15:09:34");
script_cve_id("CVE-2012-3174");
script_xref(name:"ALAS", value:"2013-151");
script_xref(name:"RHSA", value:"2013:0165");
script_name(english:"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-151)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Two improper permission check issues were discovered in the reflection
API in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions."
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2013-151.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update java-1.7.0-openjdk' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2013/02/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-1.7.0.9-2.3.4.1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.15.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | java-1.7.0-openjdk | p-cpe:/a:amazon:linux:java-1.7.0-openjdk |
| amazon | linux | java-1.7.0-openjdk-debuginfo | p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo |
| amazon | linux | java-1.7.0-openjdk-demo | p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo |
| amazon | linux | java-1.7.0-openjdk-devel | p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel |
| amazon | linux | java-1.7.0-openjdk-javadoc | p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc |
| amazon | linux | java-1.7.0-openjdk-src | p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src |
| amazon | linux | cpe:/o:amazon:linux |
Related
amazon
amazon
Important: java-1.7.0-openjdk
2013-02-03 12:35:00
veracode
veracode
Authorization Bypass
2019-01-15 08:53:56
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-151)
2015-09-08 00:00:00
Oracle Java SE Multiple Remote Code Execution Vulnerabilities - Windows
2013-01-17 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18
2013-01-16 19:35:17
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17
2013-01-16 19:42:39
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16
2013-01-16 19:49:12
suse
suse
java-1_7_0-openjdk: update to icedtea-2.3.4 (critical)
2013-01-25 14:04:23
Security update for Java (important)
2013-03-13 00:05:30
nessus
nessus
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0156)
2013-01-15 00:00:00
CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0165)
2013-01-17 00:00:00
Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)
2013-02-22 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-01-16 00:00:00
ubuntucve
ubuntucve
CVE-2012-3174
2013-01-14 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
cve
cve
CVE-2012-3174
2013-01-14 22:55:00
CVE-2013-0422
2013-01-10 21:55:00
redhat
redhat
(RHSA-2013:0165) Important: java-1.7.0-openjdk security update
2013-01-16 00:00:00
(RHSA-2013:0156) Critical: java-1.7.0-oracle security update
2013-01-14 00:00:00
(RHSA-2013:0626) Critical: java-1.7.0-ibm security update
2013-03-11 00:00:00
cert
cert
Java 7 fails to restrict access to privileged code
2013-01-10 00:00:00
seebug
seebug
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-01-16 00:00:00
centos
centos
java security update
2013-01-16 20:29:20
zdi
zdi
prion
prion
Design/Logic Flaw
2013-01-14 22:55:00
Design/Logic Flaw
2013-01-10 21:55:00
attackerkb
attackerkb
CVE-2013-0422
2013-01-10 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Rational Developer for System z due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
2020-10-27 15:51:50
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00
Related for ALA_ALAS-2013-151.NASL