Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2010-6025.NASL
HistoryJul 01, 2010 - 12:00 a.m.

Fedora 12 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 (2010-6025)

2010-07-0100:00:00
This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

Add latest security updates.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-6025.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(47410);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id(
    "CVE-2009-3555",
    "CVE-2010-0082",
    "CVE-2010-0084",
    "CVE-2010-0085",
    "CVE-2010-0088",
    "CVE-2010-0091",
    "CVE-2010-0092",
    "CVE-2010-0093",
    "CVE-2010-0094",
    "CVE-2010-0095",
    "CVE-2010-0837",
    "CVE-2010-0838",
    "CVE-2010-0840",
    "CVE-2010-0841",
    "CVE-2010-0845",
    "CVE-2010-0847",
    "CVE-2010-0848"
  );
  script_bugtraq_id(
    36935,
    39065,
    39067,
    39069,
    39071,
    39072,
    39075,
    39078,
    39081,
    39085,
    39086,
    39088,
    39089,
    39090,
    39093,
    39094,
    39096
  );
  script_xref(name:"FEDORA", value:"2010-6025");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"Fedora 12 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 (2010-6025)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Add latest security updates.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=533125");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575736");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575740");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575745");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575747");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575755");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575756");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575760");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575764");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575769");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575772");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575775");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575789");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575808");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575818");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575846");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575854");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575861");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575865");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=575871");
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038497.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e517bf72");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.6.0-openjdk package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java Statement.invoke() Trusted Method Chain Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_cwe_id(310);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC12", reference:"java-1.6.0-openjdk-1.6.0.0-37.b17.fc12")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk");
}
VendorProductVersionCPE
fedoraprojectfedorajava-1.6.0-openjdkp-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk
fedoraprojectfedora12cpe:/o:fedoraproject:fedora:12

References

Related

fedora 4
openvas 37
nessus 42
oraclelinux 1
ubuntu 1
securityvulns 8
redhat 10
centos 1
suse 2
gentoo 1
ubuntucve 15
prion 16
cve 16
checkpoint_advisories 2
veracode 16
packetstorm 3
seebug 3
symantec 1
canvas 2
metasploit 2
zdi 5
saint 4
thn 2
cisa_kev 1
attackerkb 1
exploitpack 1
altlinux 1
debian 1
fedora
fedora
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
openvas
openvas
Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025
2010-04-09 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039
2010-04-09 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025
2010-04-09 00:00:00
nessus
nessus
Fedora 11 : java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 (2010-6039)
2010-07-01 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)
2010-04-30 00:00:00
Fedora 13 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc13 (2010-6279)
2010-07-01 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2010-04-08 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-04-07 00:00:00
securityvulns
securityvulns
[USN-923-1] OpenJDK vulnerabilities
2010-04-07 00:00:00
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager &#40;SIM&#41; for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
redhat
redhat
(RHSA-2010:0339) Important: java-1.6.0-openjdk security update
2010-03-31 00:00:00
(RHSA-2010:0338) Critical: java-1.5.0-sun security update
2010-03-31 00:00:00
(RHSA-2010:0130) Moderate: java-1.5.0-ibm security update
2010-03-03 00:00:00
centos
centos
java security update
2010-06-12 15:56:24
suse
suse
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
ubuntucve
ubuntucve
CVE-2010-0088
2010-04-01 00:00:00
CVE-2010-0095
2010-04-01 00:00:00
CVE-2010-0085
2010-04-01 00:00:00
prion
prion
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
cve
cve
CVE-2010-0091
2010-04-01 16:30:00
CVE-2010-0084
2010-04-01 16:30:00
CVE-2010-0085
2010-04-01 16:30:00
checkpoint_advisories
checkpoint_advisories
Java Signed Applet (CVE-2008-5353; CVE-2010-0094; CVE-2010-0840)
2011-11-01 00:00:00
Oracle Java Runtime CMM readMabCurveData Buffer Overflow (CVE-2010-0838)
2010-10-03 00:00:00
veracode
veracode
Access Restriction Bypass
2020-04-10 00:47:59
Privilege Escalation
2020-04-10 00:45:50
Information Disclosure
2020-04-10 00:45:51
packetstorm
packetstorm
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2010-09-09 00:00:00
Month Of Abysssec Undisclosed Bugs - Java CMM
2010-09-21 00:00:00
Java Statement.invoke() Trusted Method Chain Exploit
2010-08-24 00:00:00
seebug
seebug
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2014-07-01 00:00:00
Java Statement.invoke() Trusted Method Chain Exploit
2014-07-01 00:00:00
Java CMM readMabCurveData - Stack Overflow
2014-07-01 00:00:00
symantec
symantec
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
2010-03-30 00:00:00
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE2
2010-04-01 16:30:00
Immunity Canvas: JAVA_METHOD_CHAIN
2010-04-01 16:30:00
metasploit
metasploit
Java RMIConnectionImpl Deserialization Privilege Escalation
2010-09-08 08:20:55
Java Statement.invoke() Trusted Method Chain Privilege Escalation
2010-08-21 06:38:29
zdi
zdi
Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
2010-04-05 00:00:00
Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability
2010-04-05 00:00:00
Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability
2010-04-05 00:00:00
saint
saint
Java Runtime CMM readMabCurveData Buffer Overflow
2010-10-04 00:00:00
Java Runtime CMM readMabCurveData Buffer Overflow
2010-10-04 00:00:00
Java Runtime CMM readMabCurveData Buffer Overflow
2010-10-04 00:00:00
thn
thn
Phoenix exploit kit 2.5 leaked, Download Now !
2011-04-15 07:47:00
Crimepack 3.1.3 Exploit kit Leaked, available for Download !
2011-05-15 00:56:00
cisa_kev
cisa_kev
Oracle JRE Unspecified Vulnerability
2022-05-25 00:00:00
attackerkb
attackerkb
CVE-2010-0840
2010-04-01 00:00:00
exploitpack
exploitpack
Java 6.19 CMM readMabCurveData - Remote Stack Overflow
2010-09-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
debian
debian
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
JSON
Related for FEDORA_2010-6025.NASL
fedora4openvas37nessus42oraclelinux1ubuntu1securityvulns8redhat10centos1suse2gentoo1ubuntucve15prion16cve16checkpoint_advisories2veracode16packetstorm3seebug3symantec1canvas2metasploit2zdi5saint4thn2cisa_kev1attackerkb1exploitpack1altlinux1debian1