Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the ‘Oracle Java SE and Java for Business Critical Patch Update Advisory’ page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476)

All running instances of Sun Java must be restarted for the update to take effect.

NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign this package without breaking it.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60964);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4451", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4466", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476");

  script_name(english:"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes several vulnerabilities in the Sun Java 6 Software
Development Kit. Further information about these flaws can be found on
the 'Oracle Java SE and Java for Business Critical Patch Update
Advisory' page. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,
CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454,
CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466,
CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470,
CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,
CVE-2010-4476)

All running instances of Sun Java must be restarted for the update to
take effect.

NOTE: jdk-1.6.0_20-fcs.x86_64.rpm has not been signed. We cannot sign
this package without breaking it."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=2201
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6b8eaef3"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected java-1.6.0-sun-compat and / or jdk packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Applet2ClassLoader Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"java-1.6.0-sun-compat-1.6.0.24-3.sl4.jpp")) flag++;
if (rpm_check(release:"SL4", reference:"jdk-1.6.0_24-fcs")) flag++;

if (rpm_check(release:"SL5", reference:"java-1.6.0-sun-compat-1.6.0.24-3.sl5.jpp")) flag++;
if (rpm_check(release:"SL5", reference:"jdk-1.6.0_24-fcs")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

References

Related

openvas 47
nessus 39
redhat 8
suse 4
securityvulns 6
ubuntu 3
centos 1
oraclelinux 1
fedora 5
osv 1
debian 1
prion 15
ubuntucve 17
cve 16
vmware 2
veracode 14
saint 4
canvas 1
zdi 5
checkpoint_advisories 2
threatpost 2
seebug 1
d2 1
packetstorm 1
metasploit 1
gentoo 1
openvas
openvas
SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
2011-02-28 00:00:00
HP-UX Update for Java HPSBUX02685
2011-06-06 00:00:00
HP-UX Update for Java HPSBUX02685
2011-06-06 00:00:00
nessus
nessus
RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0282)
2011-02-18 00:00:00
openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
2011-05-05 00:00:00
openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0126-1)
2014-06-13 00:00:00
redhat
redhat
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
(RHSA-2011:0357) Critical: java-1.6.0-ibm security update
2011-03-16 00:00:00
(RHSA-2011:0364) Critical: java-1.5.0-ibm security update
2011-03-17 00:00:00
suse
suse
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
remote code execution in java-1_4_2-ibm
2011-05-13 13:10:27
Security update for IBM Java 1.4.2 (important)
2011-07-22 05:08:11
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
ZDI-11-085: Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
2011-02-17 00:00:00
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-17 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-03-17 00:00:00
OpenJDK 6 vulnerabilities
2011-03-15 00:00:00
OpenJDK 6 vulnerabilities
2011-03-01 00:00:00
centos
centos
java security update
2011-04-14 14:33:37
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14
2011-02-16 19:20:33
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13
2011-02-16 19:17:23
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14
2011-06-11 04:18:13
osv
osv
openjdk-6 - several
2011-04-20 00:00:00
debian
debian
[SECURITY] [DSA 2224-1] openjdk-6 security update
2011-04-20 20:19:48
prion
prion
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
ubuntucve
ubuntucve
CVE-2010-4454
2011-02-17 00:00:00
CVE-2010-4462
2011-02-17 00:00:00
CVE-2010-4473
2011-02-17 00:00:00
cve
cve
CVE-2010-4462
2011-02-17 19:00:00
CVE-2010-4473
2011-02-17 19:00:00
CVE-2010-4454
2011-02-17 19:00:00
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:57:56
Privilege Escalation
2020-04-10 00:57:54
Denial Of Service (DoS)
2020-04-10 00:57:57
saint
saint
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_4452
2011-02-17 19:00:00
zdi
zdi
Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
2011-02-15 00:00:00
Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
2011-02-15 00:00:00
Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability
2011-02-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java XGetSamplePtrFromSnd Memory Corruption (CVE-2010-4462)
2011-06-28 00:00:00
Oracle Java Applet2ClassLoader Remote Code Execution (CVE-2010-4452)
2011-05-31 00:00:00
threatpost
threatpost
Major DNS Cache Poisoning Attack Hits Brazilian ISPs
2011-11-07 12:44:36
The Tale of One Thousand and One DSL Modems
2012-10-02 14:51:59
seebug
seebug
Sun Java Applet2ClassLoader - Remote Code Execution Exploit
2014-07-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLASSLOADER
2011-02-17 19:00:00
packetstorm
packetstorm
Sun Java Applet2ClassLoader Remote Code Execution Exploit
2011-03-16 00:00:00
metasploit
metasploit
Sun Java Applet2ClassLoader Remote Code Execution
2011-03-16 04:50:25
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
JSON
Related for SL_20110217_JAVA__JDK_1_6_0__ON_SL4_X.NASL
openvas47nessus39redhat8suse4securityvulns6ubuntu3centos1oraclelinux1fedora5osv1debian1prion15ubuntucve17cve16vmware2veracode14saint4canvas1zdi5checkpoint_advisories2threatpost2seebug1d21packetstorm1metasploit1gentoo1