Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2420.NASL
HistoryFeb 29, 2012 - 12:00 a.m.

Debian DSA-2420-1 : openjdk-6 - several vulnerabilities

2012-02-2900:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

  • CVE-2011-3377 The IcedTea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name.

  • CVE-2011-3563 The Java Sound component did not properly check for array boundaries. A malicious input or an untrusted Java application or applet could use this flaw to cause Java Virtual Machine to crash or disclose portion of its memory.

  • CVE-2011-5035 The OpenJDK embedded web server did not guard against an excessive number of a request parameters, leading to a denial of service vulnerability involving hash collisions.

  • CVE-2012-0497 It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. This could lead to JVM crash or Java sandbox bypass.

  • CVE-2012-0501 The ZIP central directory parser used by java.util.zip.ZipFile entered an infinite recursion in native code when processing a crafted ZIP file, leading to a denial of service.

  • CVE-2012-0502 A flaw was found in the AWT KeyboardFocusManager class that could allow untrusted Java applets to acquire keyboard focus and possibly steal sensitive information.

  • CVE-2012-0503 The java.util.TimeZone.setDefault() method lacked a security manager invocation, allowing an untrusted Java application or applet to set a new default time zone.

  • CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications.

  • CVE-2012-0506 It was discovered that CORBA implementation in Java did not properly protect repository identifiers (that can be obtained using _ids() method) on certain Corba objects.
    This could have been used to perform modification of the data that should have been immutable.

  • CVE-2012-0507 The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine to crash or bypass Java sandbox restrictions.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2420. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58148);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");

  script_cve_id(
    "CVE-2011-3377",
    "CVE-2011-3563",
    "CVE-2011-5035",
    "CVE-2012-0497",
    "CVE-2012-0501",
    "CVE-2012-0502",
    "CVE-2012-0503",
    "CVE-2012-0505",
    "CVE-2012-0506",
    "CVE-2012-0507"
  );
  script_bugtraq_id(
    50610,
    51194,
    52009,
    52011,
    52012,
    52013,
    52014,
    52017,
    52018,
    52161
  );
  script_xref(name:"DSA", value:"2420");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"Debian DSA-2420-1 : openjdk-6 - several vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform.

  - CVE-2011-3377
    The IcedTea browser plugin included in the openjdk-6
    package does not properly enforce the Same Origin Policy
    on web content served under a domain name which has a
    common suffix with the required domain name.

  - CVE-2011-3563
    The Java Sound component did not properly check for
    array boundaries. A malicious input or an untrusted Java
    application or applet could use this flaw to cause Java
    Virtual Machine to crash or disclose portion of its
    memory.

  - CVE-2011-5035
    The OpenJDK embedded web server did not guard against an
    excessive number of a request parameters, leading to a
    denial of service vulnerability involving hash
    collisions.

  - CVE-2012-0497
    It was discovered that Java2D did not properly check
    graphics rendering objects before passing them to the
    native renderer. This could lead to JVM crash or Java
    sandbox bypass.

  - CVE-2012-0501
    The ZIP central directory parser used by
    java.util.zip.ZipFile entered an infinite recursion in
    native code when processing a crafted ZIP file, leading
    to a denial of service.

  - CVE-2012-0502
    A flaw was found in the AWT KeyboardFocusManager class
    that could allow untrusted Java applets to acquire
    keyboard focus and possibly steal sensitive information.

  - CVE-2012-0503
    The java.util.TimeZone.setDefault() method lacked a
    security manager invocation, allowing an untrusted Java
    application or applet to set a new default time zone.

  - CVE-2012-0505
    The Java serialization code leaked references to
    serialization exceptions, possibly leaking critical
    objects to untrusted code in Java applets and
    applications.

  - CVE-2012-0506
    It was discovered that CORBA implementation in Java did
    not properly protect repository identifiers (that can be
    obtained using _ids() method) on certain Corba objects.
    This could have been used to perform modification of the
    data that should have been immutable.

  - CVE-2012-0507
    The AtomicReferenceArray class implementation did not
    properly check if the array is of an expected Object[]
    type. A malicious Java application or applet could use
    this flaw to cause Java Virtual Machine to crash or
    bypass Java sandbox restrictions.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3377");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-3563");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-5035");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0497");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0501");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0502");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0503");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0505");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0506");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0507");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/squeeze/openjdk-6");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2420");
  script_set_attribute(attribute:"solution", value:
"Upgrade the openjdk-6 packages.

For the stable distribution (squeeze), these problems have been fixed
in version 6b18-1.8.13-0+squeeze1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"icedtea-6-jre-cacao", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-dbg", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-demo", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-doc", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-jdk", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-jre", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-jre-headless", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-jre-lib", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-jre-zero", reference:"6b18-1.8.13-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"openjdk-6-source", reference:"6b18-1.8.13-0+squeeze1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxopenjdk-6p-cpe:/a:debian:debian_linux:openjdk-6
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

References

Related

osv 1
debian 1
openvas 60
nessus 42
ubuntu 2
oraclelinux 3
centos 1
redhat 8
suse 7
amazon 1
fedora 12
veracode 12
ibm 3
threatpost 2
securityvulns 1
seebug 3
prion 7
cve 7
ubuntucve 9
debiancve 2
cisa 1
checkpoint_advisories 3
packetstorm 1
thn 3
saint 4
cisa_kev 1
canvas 1
metasploit 1
osv
osv
openjdk-6 - several
2012-02-28 00:00:00
debian
debian
[SECURITY] [DSA 2420-1] openjdk-6 security update
2012-02-28 20:11:47
openvas
openvas
Debian Security Advisory DSA 2420-1 (openjdk-6)
2012-03-12 00:00:00
Debian: Security Advisory (DSA-2420-1)
2012-03-12 00:00:00
Ubuntu: Security Advisory (USN-1373-2)
2012-03-07 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6b18 vulnerabilities (USN-1373-2)
2012-03-01 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6 vulnerabilities (USN-1373-1)
2012-02-27 00:00:00
Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-0322)
2013-07-12 00:00:00
ubuntu
ubuntu
OpenJDK 6 (ARM) vulnerabilities
2012-03-01 00:00:00
OpenJDK 6 vulnerabilities
2012-02-24 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-02-15 00:00:00
java-1.6.0-openjdk security update
2012-02-28 00:00:00
icedtea-web security update
2011-11-09 00:00:00
centos
centos
java security update
2012-02-15 10:26:37
redhat
redhat
(RHSA-2012:0135) Critical: java-1.6.0-openjdk security update
2012-02-14 00:00:00
(RHSA-2012:0322) Important: java-1.6.0-openjdk security update
2012-02-21 00:00:00
(RHSA-2012:0514) Critical: java-1.6.0-ibm security update
2012-04-24 00:00:00
suse
suse
Security update for Java 1.6.0 (important)
2012-02-27 21:08:20
java-1_6_0-openjdk: Update to iced tea 1.11.1 b24 security release (important)
2012-02-27 21:08:27
Security update for IBM Java 1.6.0 (important)
2012-05-09 21:08:17
amazon
amazon
Critical: java-1.6.0-openjdk
2012-02-15 17:12:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc17
2012-02-28 10:45:39
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
2012-09-19 03:03:35
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.5.fc16
2012-10-18 00:30:15
veracode
veracode
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:05
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)
2020-12-22 17:41:28
Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012
2022-08-19 18:23:31
threatpost
threatpost
Mozilla Adds Older Java Versions to Firefox Blocklist
2012-04-03 13:25:06
Nepalese Government Sites Hacked, Serving Zegost Malware
2012-08-08 20:16:56
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
Oracle Java SE i18n子组件远程安全漏洞
2012-02-29 00:00:00
Java AtomicReferenceArray Type Violation Vulnerability
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2014-02-05 19:55:00
Buffer overflow
2011-12-30 01:55:00
Design/Logic Flaw
2012-02-15 22:55:00
cve
cve
CVE-2011-3377
2014-02-05 19:55:00
CVE-2011-5035
2011-12-30 01:55:00
CVE-2012-0506
2012-02-15 22:55:00
ubuntucve
ubuntucve
CVE-2011-3377
2011-11-08 00:00:00
CVE-2011-5035
2011-12-29 00:00:00
CVE-2012-0506
2012-02-15 00:00:00
debiancve
debiancve
CVE-2011-3377
2014-02-05 19:55:00
CVE-2011-5035
2011-12-30 01:55:00
cisa
cisa
Apple Update for Java for OS X Lion and Mac OS X
2012-04-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java zip_util readCEN Stack Overflow (CVE-2012-0501)
2012-05-14 00:00:00
Oracle Java AtomicReferenceArray Sandbox Breach Code Execution (CVE-2012-0507)
2012-04-16 00:00:00
Oracle Java AtomicReferenceArray Sandbox Breach Code Execution - Ver2 (CVE-2012-0507)
2014-12-28 00:00:00
packetstorm
packetstorm
Java AtomicReferenceArray Type Violation
2012-03-30 00:00:00
thn
thn
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 14:48:00
New Java Exploits boosts BlackHole exploit kit
2012-04-01 19:36:00
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 03:48:00
saint
saint
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
canvas
canvas
Immunity Canvas: JAVA_ATOMICREFERENCEARRAY
2012-06-07 22:55:00
metasploit
metasploit
Java AtomicReferenceArray Type Violation Vulnerability
2012-03-29 15:31:14
JSON
Related for DEBIAN_DSA-2420.NASL
osv1debian1openvas60nessus42ubuntu2oraclelinux3centos1redhat8suse7amazon1fedora12veracode12ibm3threatpost2securityvulns1seebug3prion7cve7ubuntucve9debiancve2cisa1checkpoint_advisories3packetstorm1thn3saint4cisa_kev1canvas1metasploit1