Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3.
This update has been rated as having low security impact by the Red Hat Security Response Team.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)
Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues.
For this update to take effect, Red Hat Network Satellite Server must be restarted (‘/usr/sbin/rhn-satellite restart’), as well as all running instances of IBM Java.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0043. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(44029);
script_version("1.36");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-0217", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2010-0079");
script_bugtraq_id(34240, 35671, 35939, 35942, 35943, 35944, 35946, 35958, 36881);
script_xref(name:"RHSA", value:"2010:0043");
script_name(english:"RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated java-1.6.0-ibm packages that fix several security issues are
now available for Red Hat Network Satellite Server 5.3.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite
Server 5.3. In a typical operating environment, these are of low
security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104,
CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625,
CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,
CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865,
CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,
CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874,
CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)
Users of Red Hat Network Satellite Server 5.3 are advised to upgrade
to these updated java-1.6.0-ibm packages, which resolve these issues.
For this update to take effect, Red Hat Network Satellite Server must
be restarted ('/usr/sbin/rhn-satellite restart'), as well as all
running instances of IBM Java."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-0217"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1093"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1094"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1095"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1096"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1097"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1098"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1099"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1100"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1101"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1103"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1104"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1105"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1106"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1107"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2625"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2670"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2671"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2672"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2673"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2674"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2675"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2676"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3865"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3866"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3867"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3868"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3869"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3871"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3872"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3873"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3874"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3875"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3876"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3877"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2010:0043"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel
packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_cwe_id(16, 20, 94, 119, 189, 264, 310, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/25");
script_set_attribute(attribute:"patch_publication_date", value:"2010/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2010:0043";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (! (rpm_exists(release:"RHEL4", rpm:"spacewalk-admin-") || rpm_exists(release:"RHEL5", rpm:"spacewalk-admin-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-1.6.0.7-1jpp.3.el4")) flag++;
if (rpm_check(release:"RHEL4", reference:"java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-1.6.0.7-1jpp.2.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-1.6.0.7-1jpp.2.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-1.6.0.7-1jpp.2.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-devel");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | java-1.6.0-ibm | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm |
redhat | enterprise_linux | java-1.6.0-ibm-devel | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel |
redhat | enterprise_linux | 4 | cpe:/o:redhat:enterprise_linux:4 |
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0079
access.redhat.com/errata/RHSA-2010:0043
access.redhat.com/security/cve/cve-2009-0217
access.redhat.com/security/cve/cve-2009-1093
access.redhat.com/security/cve/cve-2009-1094
access.redhat.com/security/cve/cve-2009-1095
access.redhat.com/security/cve/cve-2009-1096
access.redhat.com/security/cve/cve-2009-1097
access.redhat.com/security/cve/cve-2009-1098
access.redhat.com/security/cve/cve-2009-1099
access.redhat.com/security/cve/cve-2009-1100
access.redhat.com/security/cve/cve-2009-1101
access.redhat.com/security/cve/cve-2009-1103
access.redhat.com/security/cve/cve-2009-1104
access.redhat.com/security/cve/cve-2009-1105
access.redhat.com/security/cve/cve-2009-1106
access.redhat.com/security/cve/cve-2009-1107
access.redhat.com/security/cve/cve-2009-2625
access.redhat.com/security/cve/cve-2009-2670
access.redhat.com/security/cve/cve-2009-2671
access.redhat.com/security/cve/cve-2009-2672
access.redhat.com/security/cve/cve-2009-2673
access.redhat.com/security/cve/cve-2009-2674
access.redhat.com/security/cve/cve-2009-2675
access.redhat.com/security/cve/cve-2009-2676
access.redhat.com/security/cve/cve-2009-3865
access.redhat.com/security/cve/cve-2009-3866
access.redhat.com/security/cve/cve-2009-3867
access.redhat.com/security/cve/cve-2009-3868
access.redhat.com/security/cve/cve-2009-3869
access.redhat.com/security/cve/cve-2009-3871
access.redhat.com/security/cve/cve-2009-3872
access.redhat.com/security/cve/cve-2009-3873
access.redhat.com/security/cve/cve-2009-3874
access.redhat.com/security/cve/cve-2009-3875
access.redhat.com/security/cve/cve-2009-3876
access.redhat.com/security/cve/cve-2009-3877