Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-47.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0199-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs and also severe security issues :

  • Security fixes

  • S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries

  • S8006017, CVE-2013-0422: Improve lookup resolutions

  • S8006125: Update MethodHandles library interactions

  • Bug fixes

  • S7197906: BlockOffsetArray::power_to_cards_back() needs to handle > 32 bit shifts

  • G422525: Fix building with PaX enabled kernels.

  • use gpg-offline to check the validity of icedtea tarball

  • use jamvm on %arm

  • use icedtea package name instead of protected openjdk for jamvm builds

  • fix armv5 build

  • update to java access bridge 1.26.2

  • bugfix release, mainly 64bit JNI and JVM support

  • fix a segfault in AWT code - (bnc#792951)

  • add openjdk-7-src-b147-awt-crasher.patch

  • turn pulseaudio off on pre 11.4 distros

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-47.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75022);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id("CVE-2012-3174", "CVE-2013-0422");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0199-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs and also
severe security issues :

  - Security fixes

  - S8004933, CVE-2012-3174: Improve MethodHandle
    interaction with libraries

  - S8006017, CVE-2013-0422: Improve lookup resolutions

  - S8006125: Update MethodHandles library interactions

  - Bug fixes

  - S7197906: BlockOffsetArray::power_to_cards_back() needs
    to handle > 32 bit shifts

  - G422525: Fix building with PaX enabled kernels.

  - use gpg-offline to check the validity of icedtea tarball

  - use jamvm on %arm

  - use icedtea package name instead of protected openjdk
    for jamvm builds

  - fix armv5 build

  - update to java access bridge 1.26.2

  - bugfix release, mainly 64bit JNI and JVM support

  - fix a segfault in AWT code - (bnc#792951)

  - add openjdk-7-src-b147-awt-crasher.patch

  - turn pulseaudio off on pre 11.4 distros");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=792951");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798324");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798521");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-01/msg00082.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1_7_0-openjdk packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java Applet JMX Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-demo-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-devel-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-javadoc-1.7.0.6-3.20.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"java-1_7_0-openjdk-src-1.7.0.6-3.20.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
}
VendorProductVersionCPE
novellopensusejava-1_7_0-openjdkp-cpe:/a:novell:opensuse:java-1_7_0-openjdk
novellopensusejava-1_7_0-openjdk-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo
novellopensusejava-1_7_0-openjdk-debugsourcep-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource
novellopensusejava-1_7_0-openjdk-demop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo
novellopensusejava-1_7_0-openjdk-demo-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo
novellopensusejava-1_7_0-openjdk-develp-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel
novellopensusejava-1_7_0-openjdk-devel-debuginfop-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo
novellopensusejava-1_7_0-openjdk-javadocp-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc
novellopensusejava-1_7_0-openjdk-srcp-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src
novellopensuse12.2cpe:/o:novell:opensuse:12.2

Related

prion 2
nessus 18
openvas 21
cve 2
seebug 3
redhat 3
cert 1
centos 1
ubuntu 1
oraclelinux 1
fedora 3
suse 2
ubuntucve 2
zdi 1
attackerkb 1
amazon 1
veracode 2
checkpoint_advisories 4
securityvulns 2
threatpost 11
zdt 1
ibm 10
packetstorm 1
symantec 1
thn 3
saint 8
canvas 1
cisa_kev 1
metasploit 1
exploitdb 1
freebsd 1
fireeye 1
securelist 1
gentoo 1
prion
prion
Design/Logic Flaw
2013-01-14 22:55:00
Design/Logic Flaw
2013-01-10 21:55:00
nessus
nessus
Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16 (2013-0888)
2013-01-17 00:00:00
Oracle Java SE 7 <= Update 10 Remote Code Execution
2012-01-10 00:00:00
Ubuntu 12.10 : openjdk-7 vulnerabilities (USN-1693-1)
2013-01-17 00:00:00
openvas
openvas
RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01
2013-01-21 00:00:00
Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853
2013-01-21 00:00:00
Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853
2013-01-21 00:00:00
cve
cve
CVE-2012-3174
2013-01-14 22:55:00
CVE-2013-0422
2013-01-10 21:55:00
seebug
seebug
Oracle Java Runtime Environment ๆœชๆ˜Ž่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž(CVE-2012-3174)
2013-01-16 00:00:00
Oracle Java 7 JmxMBeanServer็ฑป่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž
2013-01-14 00:00:00
Java Applet JMX Remote Code Execution
2014-07-01 00:00:00
redhat
redhat
(RHSA-2013:0165) Important: java-1.7.0-openjdk security update
2013-01-16 00:00:00
(RHSA-2013:0156) Critical: java-1.7.0-oracle security update
2013-01-14 00:00:00
(RHSA-2013:0626) Critical: java-1.7.0-ibm security update
2013-03-11 00:00:00
cert
cert
Java 7 fails to restrict access to privileged code
2013-01-10 00:00:00
centos
centos
java security update
2013-01-16 20:29:20
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-01-16 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18
2013-01-16 19:35:17
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17
2013-01-16 19:42:39
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16
2013-01-16 19:49:12
suse
suse
java-1_7_0-openjdk: update to icedtea-2.3.4 (critical)
2013-01-25 14:04:23
Security update for Java (important)
2013-03-13 00:05:30
ubuntucve
ubuntucve
CVE-2012-3174
2013-01-14 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
zdi
zdi
Oracle Java Runtime Environment MethodHandle Security Manager Bypass Remote Code Execution Vulnerability
2013-02-01 00:00:00
attackerkb
attackerkb
CVE-2013-0422
2013-01-10 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2013-02-03 12:35:00
veracode
veracode
Authorization Bypass
2019-01-15 08:53:56
Sandbox Restrictions Bypass
2019-05-02 04:46:00
checkpoint_advisories
checkpoint_advisories
Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)
2014-02-03 00:00:00
Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)
2014-01-07 00:00:00
Oracle Java JmxMBeanServer Package Sandbox Breach (CVE-2013-0422)
2013-01-13 00:00:00
securityvulns
securityvulns
0-day vulnerability in Oracle Java is used to install maliscious software
2013-01-21 00:00:00
[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
2013-01-21 00:00:00
threatpost
threatpost
NBC Website Hacked, Leading Visitors to Citadel Banking Malware
2013-02-21 21:07:10
ADP-Themed Phishing Emails Lead to Blackhole Sites
2013-01-14 18:29:21
Emergency Zero-Day Patch Does Not Quiet Calls to Disable Java
2013-01-14 16:40:39
zdt
zdt
Java Applet JMX Remote Code Execution Vulnerability
2013-01-11 00:00:00
ibm
ibm
Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Collaborative Lifecycle Management products (CVE-2013-0422)
2018-06-17 04:42:53
Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Change (CVE-2013-0422)
2018-06-17 04:42:58
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Advanced/Enterprise for the Oracle CPU February 2013.
2022-09-25 23:13:40
packetstorm
packetstorm
Java Applet JMX Remote Code Execution
2013-01-11 00:00:00
symantec
symantec
Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities
2013-01-10 00:00:00
thn
thn
Oracle Patches Java Zero Day Vulnerability
2013-01-16 06:01:00
Oracle Patches Java Zero Day Vulnerability
2013-01-16 17:01:00
ICEPOL Ransomware Servers seized by Romanian Police that infected 260,000 Computers
2014-01-29 22:48:00
saint
saint
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
canvas
canvas
Immunity Canvas: JAVA_MBEANINSTANTIATOR_FINDCLASS
2013-01-10 21:55:00
cisa_kev
cisa_kev
Oracle JRE Remote Code Execution Vulnerability
2022-05-25 00:00:00
metasploit
metasploit
Java Applet JMX Remote Code Execution
2013-01-10 19:30:43
exploitdb
exploitdb
Java Applet JMX - Remote Code Execution (Metasploit) (1)
2013-01-11 00:00:00
freebsd
freebsd
java 7.x -- security manager bypass
2013-01-10 00:00:00
fireeye
fireeye
Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents
2013-03-20 17:26:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00
JSON
Related for OPENSUSE-2013-47.NASL
prion2nessus18openvas21cve2seebug3redhat3cert1centos1ubuntu1oraclelinux1fedora3suse2ubuntucve2zdi1attackerkb1amazon1veracode2checkpoint_advisories4securityvulns2threatpost11zdt1ibm10packetstorm1symantec1thn3saint8canvas1cisa_kev1metasploit1exploitdb1freebsd1fireeye1securelist1gentoo1