EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1015)

2017-05-0100:00:00

www.tenable.com

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.(CVE-2016-0686, CVE-2016-0687)
It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.
(CVE-2016-3427)
It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed.(CVE-2016-3425)
It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures.The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.(CVE-2016-0695)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99778);
  script_version("1.68");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");

  script_cve_id(
    "CVE-2016-0686",
    "CVE-2016-0687",
    "CVE-2016-0695",
    "CVE-2016-3425",
    "CVE-2016-3427"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/02");

  script_name(english:"EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1015)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the java-1.7.0-openjdk packages
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - Multiple flaws were discovered in the Serialization and
    Hotspot components in OpenJDK. An untrusted Java
    application or applet could use these flaws to
    completely bypass Java sandbox
    restrictions.(CVE-2016-0686, CVE-2016-0687)

  - It was discovered that the RMI server implementation in
    the JMX component in OpenJDK did not restrict which
    classes can be deserialized when deserializing
    authentication credentials. A remote, unauthenticated
    attacker able to connect to a JMX port could possibly
    use this flaw to trigger deserialization flaws.
    (CVE-2016-3427)

  - It was discovered that the JAXP component in OpenJDK
    failed to properly handle Unicode surrogate pairs used
    as part of the XML attribute values. Specially crafted
    XML input could cause a Java application to use an
    excessive amount of memory when parsed.(CVE-2016-3425)

  - It was discovered that the Security component in
    OpenJDK failed to check the digest algorithm strength
    when generating DSA signatures.The use of a digest
    weaker than the key strength could lead to the
    generation of signatures that were weaker than
    expected.(CVE-2016-0695)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1015
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?60ff8657");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.7.0-openjdk packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3427");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2016-0687");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["java-1.7.0-openjdk-1.7.0.101-2.6.6.1",
        "java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1",
        "java-1.7.0-openjdk-headless-1.7.0.101-2.6.6.1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk");
}

VendorProductVersionCPE
huaweieulerosjava-1.7.0-openjdkp-cpe:/a:huawei:euleros:java-1.7.0-openjdk
huaweieulerosjava-1.7.0-openjdk-develp-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel
huaweieulerosjava-1.7.0-openjdk-headlessp-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Vendor	Product	Version	CPE
huawei	euleros	java-1.7.0-openjdk	p-cpe:/a:huawei:euleros:java-1.7.0-openjdk
huawei	euleros	java-1.7.0-openjdk-devel	p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel
huawei	euleros	java-1.7.0-openjdk-headless	p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0