NewStart CGSL MAIN 5.04 java-1.7.0-openjdk Multiple Vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OSV | openjdk-7 - security update | 4 Apr 201800:00 | – | osv |
OSV | openjdk-7 - security update | 3 Apr 201800:00 | – | osv |
OSV | Red Hat Security Advisory: java-1.7.0-openjdk security update | 16 Sep 202400:57 | – | osv |
OSV | Red Hat Security Advisory: java-1.8.0-openjdk security update | 16 Sep 202400:57 | – | osv |
OSV | openjdk-8 - security update | 17 Mar 201800:00 | – | osv |
OSV | Red Hat Security Advisory: java-1.6.0-sun security update | 16 Sep 202400:56 | – | osv |
OSV | Red Hat Security Advisory: java-1.7.1-ibm security update | 16 Sep 202400:56 | – | osv |
OSV | Red Hat Security Advisory: java-1.7.0-oracle security update | 16 Sep 202400:56 | – | osv |
OSV | Red Hat Security Advisory: java-1.7.1-ibm security update | 16 Sep 202400:57 | – | osv |
OSV | Red Hat Security Advisory: java-1.7.1-ibm security update | 16 Sep 202400:57 | – | osv |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0012. The text
# itself is copyright (C) ZTE, Inc.
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(127162);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/19");
script_cve_id(
"CVE-2018-2579",
"CVE-2018-2588",
"CVE-2018-2599",
"CVE-2018-2602",
"CVE-2018-2603",
"CVE-2018-2618",
"CVE-2018-2629",
"CVE-2018-2633",
"CVE-2018-2634",
"CVE-2018-2637",
"CVE-2018-2641",
"CVE-2018-2663",
"CVE-2018-2677",
"CVE-2018-2678"
);
script_name(english:"NewStart CGSL MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0012)");
script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 5.04, has java-1.7.0-openjdk packages installed that are affected by
multiple vulnerabilities:
- Vulnerability in the Java SE, Java SE Embedded, JRockit
component of Oracle Java SE (subcomponent: JNDI).
Supported versions that are affected are Java SE: 6u171,
7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;
JRockit: R28.3.16. Easily exploitable vulnerability
allows unauthenticated attacker with network access via
multiple protocols to compromise Java SE, Java SE
Embedded, JRockit. Successful attacks require human
interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of
service (partial DOS) of Java SE, Java SE Embedded,
JRockit. Note: This vulnerability applies to client and
server deployment of Java. This vulnerability can be
exploited through sandboxed Java Web Start applications
and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component
without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service.
CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
(CVE-2018-2678)
- Vulnerability in the Java SE, Java SE Embedded component
of Oracle Java SE (subcomponent: AWT). Supported
versions that are affected are Java SE: 6u171, 7u161,
8u152 and 9.0.1; Java SE Embedded: 8u151. Easily
exploitable vulnerability allows unauthenticated
attacker with network access via multiple protocols to
compromise Java SE, Java SE Embedded. Successful attacks
require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a partial denial
of service (partial DOS) of Java SE, Java SE Embedded.
Note: This vulnerability applies to Java deployments,
typically in clients running sandboxed Java Web Start
applications or sandboxed Java applets, that load and
run untrusted code (e.g., code that comes from the
internet) and rely on the Java sandbox for security.
This vulnerability does not apply to Java deployments,
typically in servers, that load and run only trusted
code (e.g., code installed by an administrator). CVSS
3.0 Base Score 4.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
(CVE-2018-2677)
- Vulnerability in the Java SE, Java SE Embedded, JRockit
component of Oracle Java SE (subcomponent: Libraries).
Supported versions that are affected are Java SE: 6u171,
7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151;
JRockit: R28.3.16. Easily exploitable vulnerability
allows unauthenticated attacker with network access via
multiple protocols to compromise Java SE, Java SE
Embedded, JRockit. Successful attacks require human
interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a partial denial of
service (partial DOS) of Java SE, Java SE Embedded,
JRockit. Note: This vulnerability applies to client and
server deployment of Java. This vulnerability can be
exploited through sandboxed Java Web Start applications
and sandboxed Java applets. It can also be exploited by
supplying data to APIs in the specified Component
without using sandboxed Java Web Start applications or
sandboxed Java applets, such as through a web service.
CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS
Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
(CVE-2018-2663)
- It was discovered that multiple encryption key classes
in the Libraries component of OpenJDK did not properly
synchronize access to their internal data. This could
possibly cause a multi-threaded Java application to
apply weak encryption to data because of the use of a
key that was zeroed out. (CVE-2018-2579)
- It was discovered that the LDAP component of OpenJDK
failed to properly encode special characters in user
names when adding them to an LDAP search query. A remote
attacker could possibly use this flaw to manipulate LDAP
queries performed by the LdapLoginModule class.
(CVE-2018-2588)
- It was discovered that the I18n component of OpenJDK
could use an untrusted search path when loading resource
bundle classes. A local attacker could possibly use this
flaw to execute arbitrary code as another local user by
making their Java application load an attacker
controlled class file. (CVE-2018-2602)
- It was discovered that the DNS client implementation in
the JNDI component of OpenJDK did not use random source
ports when sending out DNS queries. This could make it
easier for a remote attacker to spoof responses to those
queries. (CVE-2018-2599)
- It was discovered that the Libraries component of
OpenJDK failed to sufficiently limit the amount of
memory allocated when reading DER encoded input. A
remote attacker could possibly use this flaw to make a
Java application use an excessive amount of memory if it
parsed attacker supplied DER encoded input.
(CVE-2018-2603)
- It was discovered that the JGSS component of OpenJDK
failed to properly handle GSS context in the native GSS
library wrapper in certain cases. A remote attacker
could possibly make a Java application using JGSS to use
a previously freed context. (CVE-2018-2629)
- It was discovered that the key agreement implementations
in the JCE component of OpenJDK did not guarantee
sufficient strength of used keys to adequately protect
generated shared secret. This could make it easier to
break data encryption by attacking key agreement rather
than the encryption using the negotiated secret.
(CVE-2018-2618)
- Vulnerability in the Java SE, Java SE Embedded component
of Oracle Java SE (subcomponent: AWT). Supported
versions that are affected are Java SE: 6u171, 7u161,
8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to
exploit vulnerability allows unauthenticated attacker
with network access via multiple protocols to compromise
Java SE, Java SE Embedded. Successful attacks require
human interaction from a person other than the attacker
and while the vulnerability is in Java SE, Java SE
Embedded, attacks may significantly impact additional
products. Successful attacks of this vulnerability can
result in unauthorized creation, deletion or
modification access to critical data or all Java SE,
Java SE Embedded accessible data. Note: This
vulnerability applies to Java deployments, typically in
clients running sandboxed Java Web Start applications or
sandboxed Java applets, that load and run untrusted code
(e.g., code that comes from the internet) and rely on
the Java sandbox for security. This vulnerability does
not apply to Java deployments, typically in servers,
that load and run only trusted code (e.g., code
installed by an administrator). CVSS 3.0 Base Score 6.1
(Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).
(CVE-2018-2641)
- The JGSS component of OpenJDK ignores the value of the
javax.security.auth.useSubjectCredsOnly property when
using HTTP/SPNEGO authentication and always uses global
credentials. It was discovered that this could cause
global credentials to be unexpectedly used by an
untrusted Java application. (CVE-2018-2634)
- It was discovered that the JMX component of OpenJDK
failed to properly set the deserialization filter for
the SingleEntryRegistry in certain cases. A remote
attacker could possibly use this flaw to bypass intended
deserialization restrictions. (CVE-2018-2637)
- It was discovered that the LDAPCertStore class in the
JNDI component of OpenJDK failed to securely handle LDAP
referrals. An attacker could possibly use this flaw to
make it fetch attacker controlled certificate data.
(CVE-2018-2633)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0012");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL java-1.7.0-openjdk packages. Note that updated packages may not be available yet. Please
contact ZTE for more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2637");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-2633");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
if (release !~ "CGSL MAIN 5.04")
audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');
if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
flag = 0;
pkgs = {
"CGSL MAIN 5.04": [
"java-1.7.0-openjdk-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-accessibility-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-debuginfo-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-demo-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-devel-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-headless-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-javadoc-1.7.0.171-2.6.13.0.el7_4",
"java-1.7.0-openjdk-src-1.7.0.171-2.6.13.0.el7_4"
]
};
pkg_list = pkgs[release];
foreach (pkg in pkg_list)
if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo