Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)

2014-07-2900:00:00

www.tenable.com

The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote user to affect the confidentiality of the system via :

A design flaw in the RSA ‘blinding’ security component of the ‘RASCore’ class. By performing operations requiring the use of private keys and measuring timing differences, an attacker may be able to disclose information about the keys used.
(CVE-2014-4244).
A design flaw in the ‘validateDHPublicKey’ function of the ‘KeyUtil’ class. A remote attacker may be able to recover a key. (CVE-2014-4263).

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76883);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2014-4244", "CVE-2014-4263");
  script_bugtraq_id(68624, 68636);

  script_name(english:"Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)");
  script_summary(english:"Checks the version of jvm.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities that could allow a remote user to affect the
confidentiality of the system via :

  - A design flaw in the RSA 'blinding' security component
    of the 'RASCore' class. By performing operations
    requiring the use of private keys and measuring timing
    differences, an attacker may be able to disclose
    information about the keys used.
    (CVE-2014-4244).

  - A design flaw in the 'validateDHPublicKey' function of
    the 'KeyUtil' class. A remote attacker may be able to
    recover a key. (CVE-2014-4263).");
  # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77697fb1");
  script_set_attribute(attribute:"solution", value:"Upgrade to version R27.8.3.9 / R28.3.3.10 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jrockit");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("oracle_jrockit_installed.nasl");
  script_require_keys("installed_sw/Oracle JRockit");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app     = "Oracle JRockit";
get_install_count(app_name:app, exit_if_zero:TRUE);
install = get_single_install(app_name:app);
ver     = install['version'];
type    = install['type'];
path    = install['path'];

# 26 and below may not be supported, may not be affected --
# it's not listed as affected so we do not check it.
if (ver_compare(ver:ver, fix:"27", strict:FALSE) < 0) audit(AUDIT_INST_VER_NOT_VULN, app);

vulnerable = FALSE;
# Determine if the install is vulnerable, splitting the cases into
# v27 and below, and v28 above.
if (ver_compare(ver:ver, fix:"28", strict:FALSE) < 0)
{
  fix = "27.8.3.9"; # Very specific fix pulled from the patch
  # Are we in the vulnerable range? v >= 27.8.2 && v < 27.8.3
  if (
    ver_compare(ver:ver,fix:"27.8.2",strict:FALSE) >= 0 &&
    ver_compare(ver:ver,fix:"27.8.3",strict:FALSE) < 0
  ) vulnerable = TRUE;
}
else
{
  fix = "28.3.3.10"; # Very specific fix pulled from the patch
  # Are we in the vulnerable range? v >= 28.3.2 && v < 28.3.3
  if (
    ver_compare(ver:ver,fix:"28.3.2",strict:FALSE) >= 0 &&
    ver_compare(ver:ver,fix:"28.3.3",strict:FALSE) < 0
  ) vulnerable = TRUE;
}

# Weren't in vulnerable range
if (!vulnerable) audit(AUDIT_INST_VER_NOT_VULN, app);

# The DLL we're looking at is a level deeper in the JDK, since it
# keeps a subset of the JRE in a subdirectory.
if (type == "JDK")  path += "\jre";

path += "\bin\jrockit\jvm.dll";

report =
  '\n  Type              : ' + type +
  '\n  Path              : ' + path +
  '\n  Installed version : ' + ver +
  '\n  Fixed version     : ' + fix +
  '\n';

port = get_kb_item("SMB/transport");
if (!port) port = 445;

if (report_verbosity > 0) security_warning(port:port, extra:report);
else security_warning(port);

VendorProductVersionCPE
oraclejrockitcpe:/a:oracle:jrockit

Vendor	Product	Version	CPE
oracle	jrockit		cpe:/a:oracle:jrockit

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263

www.nessus.org/u?77697fb1

JSON

Related for ORACLE_JROCKIT_CPU_JUL_2014.NASL