Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3465.NASLHistoryFeb 04, 2016 - 12:00 a.m.
Debian DSA-3465-1 : openjdk-6 - security update (SLOTH)
2016-02-0400:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
81
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3465. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(88568);
script_version("2.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-7575", "CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0483", "CVE-2016-0494");
script_xref(name:"DSA", value:"3465");
script_name(english:"Debian DSA-3465-1 : openjdk-6 - security update (SLOTH)");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosure, denial of service and
insecure cryptography."
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/openjdk-6"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2016/dsa-3465"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the openjdk-6 packages.
For the oldstable distribution (wheezy), these problems have been
fixed in version 6b38-1.13.10-1~deb7u1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/02");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"icedtea-6-jre-cacao", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"icedtea-6-jre-jamvm", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-dbg", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-demo", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-doc", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-jdk", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-jre", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-jre-headless", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-jre-lib", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-jre-zero", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"openjdk-6-source", reference:"6b38-1.13.10-1~deb7u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | openjdk-6 | p-cpe:/a:debian:debian_linux:openjdk-6 |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
packages.debian.org/source/wheezy/openjdk-6
www.debian.org/security/2016/dsa-3465
Related
nessus
nessus
Debian DSA-3458-1 : openjdk-7 - security update (SLOTH)
2016-01-28 00:00:00
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2884-1)
2016-02-02 00:00:00
RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2016:0067)
2016-01-27 00:00:00
debian
debian
[SECURITY] [DSA 3458-1] openjdk-7 security update
2016-01-27 21:00:48
[SECURITY] [DSA 3465-1] openjdk-6 security update
2016-02-02 21:31:52
[SECURITY] [DLA 410-1] openjdk-6 security update
2016-02-04 14:03:48
openvas
openvas
Debian: Security Advisory (DSA-3458-1)
2016-01-26 00:00:00
Debian Security Advisory DSA 3458-1 (openjdk-7 - security update)
2016-01-27 00:00:00
Debian Security Advisory DSA 3465-1 (openjdk-6 - security update)
2016-02-05 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2016-02-01 00:00:00
OpenJDK 6 vulnerabilities
2016-02-01 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2016-02-19 15:48:00
Important: java-1.8.0-openjdk
2016-02-09 13:30:00
Important: java-1.7.0-openjdk
2016-02-09 13:30:00
centos
centos
java security update
2016-01-26 13:28:19
java security update
2016-01-21 19:37:41
java security update
2016-01-21 17:19:22
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2016-01-26 00:00:00
java-1.8.0-openjdk security update
2016-01-20 00:00:00
java-1.7.0-openjdk security update
2016-01-21 00:00:00
redhat
redhat
(RHSA-2016:0067) Important: java-1.6.0-openjdk security update
2016-01-26 00:00:00
(RHSA-2016:0054) Important: java-1.7.0-openjdk security update
2016-01-21 00:00:00
(RHSA-2016:0053) Critical: java-1.7.0-openjdk security update
2016-01-21 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
mageia
mageia
osv
osv
openjdk-6 - security update
2016-02-04 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (critical)
2016-01-27 21:11:29
Security update for java-1_7_0-openjdk (critical)
2016-01-27 21:14:13
Security update for java-1_8_0-openjdk (critical)
2016-01-27 15:13:41
f5
f5
kaspersky
kaspersky
KLA10743 Multiple vulnerabilities in Oracle Java SE
2016-01-20 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-02-25 08:44:57
Related for DEBIAN_DSA-3465.NASL