OpenJDK security patches applied.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-10913.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  # Registration pass: this branch only declares plugin metadata and then
  # exits, so none of the package checks below run while `description` is set.
  script_id(37147);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # One advisory, thirteen CVEs. A single finding from this plugin therefore
  # stands for the whole set; it does not say which individual issue applies.
  script_cve_id(
    "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350",
    "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354",
    "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359",
    "CVE-2008-5360"
  );
  script_xref(name:"FEDORA", value:"2008-10913");

  script_name(english:"Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # The advisory text itself gives no per-CVE detail; the CVE list above and
  # the Bugzilla entries below are the references for what was actually fixed.
  # The line breaks are part of the string value, so the continuation lines
  # are deliberately left unindented.
  script_set_attribute(attribute:"description", value:
"OpenJDK security patches applied.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );

  # Red Hat Bugzilla entries referenced by the advisory (order kept as published).
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472201");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472206");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472208");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472209");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472211");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472212");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472213");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472218");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472224");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472228");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472231");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472233");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=472234");
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017354.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f8359641");

  script_set_attribute(attribute:"solution", value:"Update the affected java-1.6.0-openjdk package.");

  # CVSS v2 base vector: network attack vector, low complexity, no
  # authentication, complete impact on confidentiality, integrity and
  # availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  # Exploitability metadata. Together these mark the advisory as having
  # public exploit code in several frameworks and observed use by malware,
  # which is a prioritisation signal when triaging this finding.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189, 200, 264);

  # "local" plugin type: the result comes from data gathered on the host
  # (see the required KB keys below), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # The check depends on ssh_get_info.nasl and on these KB keys being set;
  # without local checks, a release string and an rpm list there is nothing
  # to compare against.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Package check for Fedora advisory 2008-10913.
#
# Scope note for whoever reads the result: every input here comes from the
# scanner knowledge base (release string, CPU, rpm list). The check compares
# the RPM package data against a reference build; it does not inspect running
# processes or Java runtimes that were not installed through RPM.
# Top-level variable names are kept as-is because NASL top-level variables are
# global and the included libraries may be sensitive to them.

# Each guard below hands off to audit() with the reason the check cannot run.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The host must identify itself as Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Pull the numeric release out of the release string.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];

# Only Fedora 10 is in scope; the pattern rejects 100, 101, ... as well.
if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
}

# Without a collected rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: only x86_64 and i386..i686 are handled. Hosts on any
# other architecture get "not implemented" rather than a clean result, so
# that audit message should not be read as "not vulnerable".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# rpm_check() comes from rpm.inc; presumably it is true when the installed
# package is older than the reference build -- confirm against rpm.inc.
flag = 0;
if (rpm_check(release:"FC10", reference:"java-1.6.0-openjdk-1.6.0.0-7.b12.fc10"))
{
  flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "package present but not affected" from
  # "package not installed at all" in the audit trail.
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk");
  }
}
else
{
  # Report the finding; the rpm comparison details are attached only when
  # report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | java-1.6.0-openjdk | p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk |
fedoraproject | fedora | 10 | cpe:/o:fedoraproject:fedora:10 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360
www.nessus.org/u?f8359641
bugzilla.redhat.com/show_bug.cgi?id=472201
bugzilla.redhat.com/show_bug.cgi?id=472206
bugzilla.redhat.com/show_bug.cgi?id=472208
bugzilla.redhat.com/show_bug.cgi?id=472209
bugzilla.redhat.com/show_bug.cgi?id=472211
bugzilla.redhat.com/show_bug.cgi?id=472212
bugzilla.redhat.com/show_bug.cgi?id=472213
bugzilla.redhat.com/show_bug.cgi?id=472218
bugzilla.redhat.com/show_bug.cgi?id=472224
bugzilla.redhat.com/show_bug.cgi?id=472228
bugzilla.redhat.com/show_bug.cgi?id=472231
bugzilla.redhat.com/show_bug.cgi?id=472233
bugzilla.redhat.com/show_bug.cgi?id=472234