Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2013-185.NASL
HistorySep 04, 2013 - 12:00 a.m.

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-185)

2013-09-0400:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
85
JSON

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption.
(CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384)

Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1558 , CVE-2013-2422 , CVE-2013-1518 , CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code. (CVE-2013-1537)

The 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2431 , CVE-2013-2421)

It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2429 , CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2013-1488 , CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-0401)

Flaws were discovered in the Network component’s InetAddress serialization, and the 2D component’s font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine. (CVE-2013-2417 , CVE-2013-2419)

The MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes. (CVE-2013-2424)

It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS.
(CVE-2013-2415)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2013-185.
#

include("compat.inc");

if (description)
{
  script_id(69744);
  script_version("1.7");
  script_cvs_date("Date: 2019/07/10 16:04:12");

  script_cve_id("CVE-2013-0401", "CVE-2013-1488", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1557", "CVE-2013-1558", "CVE-2013-1569", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-2417", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2424", "CVE-2013-2426", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431");
  script_xref(name:"ALAS", value:"2013-185");
  script_xref(name:"RHSA", value:"2013:0770");

  script_name(english:"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-185)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use
these flaws to trigger Java Virtual Machine memory corruption.
(CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384)

Multiple improper permission check issues were discovered in the
Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted
Java application or applet could use these flaws to bypass Java
sandbox restrictions. (CVE-2013-1558 , CVE-2013-2422 , CVE-2013-1518 ,
CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly
property permitted the RMI implementation to automatically load
classes from remotely specified locations. An attacker able to connect
to an application using RMI could use this flaw to make the
application execute arbitrary code. (CVE-2013-1537)

The 2D component did not properly process certain images. An untrusted
Java application or applet could possibly use this flaw to trigger
Java Virtual Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform MethodHandle
lookups. An untrusted Java application or applet could use these flaws
to bypass Java sandbox restrictions. (CVE-2013-2431 , CVE-2013-2421)

It was discovered that JPEGImageReader and JPEGImageWriter in the
ImageIO component did not protect against modification of their state
while performing certain native code operations. An untrusted Java
application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption. (CVE-2013-2429 , CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method
in JDBC drivers, and the ConcurrentHashMap class could incorrectly
call the defaultReadObject() method. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox
restrictions. (CVE-2013-1488 , CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may
incorrectly invoke the system class loader. An untrusted Java
application or applet could possibly use this flaw to bypass certain
Java sandbox restrictions. (CVE-2013-0401)

Flaws were discovered in the Network component's InetAddress
serialization, and the 2D component's font handling. An untrusted Java
application or applet could possibly use these flaws to crash the Java
Virtual Machine. (CVE-2013-2417 , CVE-2013-2419)

The MBeanInstantiator class implementation in the OpenJDK JMX
component did not properly check class access before creating new
instances. An untrusted Java application or applet could use this flaw
to create instances of non-public classes. (CVE-2013-2424)

It was discovered that JAX-WS could possibly create temporary files
with insecure permissions. A local attacker could use this flaw to
access temporary files created by an application using JAX-WS.
(CVE-2013-2415)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2013-185.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update java-1.6.0-openjdk' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.0-61.1.11.11.53.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-demo-1.6.0.0-61.1.11.11.53.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-devel-1.6.0.0-61.1.11.11.53.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-61.1.11.11.53.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-src-1.6.0.0-61.1.11.11.53.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxjava-1.6.0-openjdkp-cpe:/a:amazon:linux:java-1.6.0-openjdk
amazonlinuxjava-1.6.0-openjdk-debuginfop-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo
amazonlinuxjava-1.6.0-openjdk-demop-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo
amazonlinuxjava-1.6.0-openjdk-develp-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel
amazonlinuxjava-1.6.0-openjdk-javadocp-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc
amazonlinuxjava-1.6.0-openjdk-srcp-cpe:/a:amazon:linux:java-1.6.0-openjdk-src
amazonlinuxcpe:/o:amazon:linux

References

Related

nessus 45
redhat 8
oraclelinux 3
openvas 61
centos 3
amazon 2
ubuntu 5
fedora 13
suse 7
securityvulns 5
prion 8
debiancve 2
cve 8
ubuntucve 7
ibm 11
osv 2
debian 3
veracode 3
checkpoint_advisories 2
zdi 1
nessus
nessus
SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 7718)
2013-05-22 00:00:00
CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:0770)
2013-04-25 00:00:00
RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:0770)
2013-04-25 00:00:00
redhat
redhat
(RHSA-2013:0770) Important: java-1.6.0-openjdk security update
2013-04-24 00:00:00
(RHSA-2013:0752) Important: java-1.7.0-openjdk security update
2013-04-17 00:00:00
(RHSA-2013:0751) Critical: java-1.7.0-openjdk security update
2013-04-17 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-04-24 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
openvas
openvas
RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01
2013-04-25 00:00:00
CentOS Update for java CESA-2013:0770 centos6
2013-04-25 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-185)
2015-09-08 00:00:00
centos
centos
java security update
2013-04-24 20:56:24
java security update
2013-04-17 22:33:59
java security update
2013-04-17 21:01:08
amazon
amazon
Important: java-1.6.0-openjdk
2013-04-25 20:40:00
Critical: java-1.7.0-openjdk
2013-04-18 13:59:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-05-07 00:00:00
OpenJDK 7 vulnerabilities
2013-04-23 00:00:00
ICU vulnerabilities
2015-03-10 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.6.fc19
2013-04-25 14:19:39
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc18
2013-04-18 02:47:29
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc17
2013-04-19 05:01:04
suse
suse
Security update for java-1_6_0-openjdk (important)
2013-05-21 20:04:20
Security update for Java 1.4.2 (important)
2013-06-10 18:09:23
Security update for IBM Java (important)
2013-07-03 15:04:18
securityvulns
securityvulns
APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15
2013-04-22 00:00:00
Oracle Java / OpenJDK multiple security vulnerabilities
2013-04-22 00:00:00
libicu multiple security vulnerabilities
2015-03-07 00:00:00
prion
prion
Design/Logic Flaw
2013-04-17 18:55:00
Design/Logic Flaw
2013-04-17 18:55:00
Design/Logic Flaw
2013-04-17 17:55:00
debiancve
debiancve
CVE-2013-2384
2013-04-17 18:55:00
CVE-2013-2383
2013-04-17 18:55:00
cve
cve
CVE-2013-2383
2013-04-17 18:55:00
CVE-2013-2384
2013-04-17 18:55:00
CVE-2013-2380
2013-04-17 17:55:00
ubuntucve
ubuntucve
CVE-2013-2384
2013-04-17 00:00:00
CVE-2013-2383
2013-04-17 00:00:00
CVE-2013-2436
2013-04-17 00:00:00
ibm
ibm
Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 Oracle CPU April 2013
2022-09-25 21:06:56
Security Bulletin: IBM WebSphere Lombardi Edition – Information regarding security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
2022-09-25 21:06:56
Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding a security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
2022-09-25 21:06:56
osv
osv
icu - security update
2015-03-15 00:00:00
icu - security update
2015-05-14 00:00:00
debian
debian
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
[SECURITY] [DLA 219-1] icu security update
2015-05-14 09:45:27
veracode
veracode
Improper Access Control
2019-05-02 04:44:37
Memory Corruption
2019-05-02 04:44:37
Memory Corruption
2019-05-02 04:44:37
checkpoint_advisories
checkpoint_advisories
Oracle Java JPEGImageWriter Memory Corruption (CVE-2013-2429)
2013-08-25 00:00:00
Oracle Java JPEGImageWriter Memory Corruption - Ver2 (CVE-2013-2429)
2014-03-31 00:00:00
zdi
zdi
Oracle Java setICMpixels Remote Code Execution Vulnerability
2013-05-10 00:00:00
JSON
Related for ALA_ALAS-2013-185.NASL
nessus45redhat8oraclelinux3openvas61centos3amazon2ubuntu5fedora13suse7securityvulns5prion8debiancve2cve8ubuntucve7ibm11osv2debian3veracode3checkpoint_advisories2zdi1