Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)

2012-08-0100:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61158);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2011-3389",
    "CVE-2011-3516",
    "CVE-2011-3521",
    "CVE-2011-3544",
    "CVE-2011-3545",
    "CVE-2011-3546",
    "CVE-2011-3547",
    "CVE-2011-3548",
    "CVE-2011-3549",
    "CVE-2011-3550",
    "CVE-2011-3551",
    "CVE-2011-3552",
    "CVE-2011-3553",
    "CVE-2011-3554",
    "CVE-2011-3555",
    "CVE-2011-3556",
    "CVE-2011-3557",
    "CVE-2011-3558",
    "CVE-2011-3560",
    "CVE-2011-3561"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment
and the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch page, listed in the References section. (CVE-2011-3389,
CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,
CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549,
CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553,
CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557,
CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 29 and resolve these
issues. All running instances of Sun Java must be restarted for the
update to take effect.");
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=604
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7daa5835");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.6.0-sun-compat and / or jdk packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Scientific Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"java-1.6.0-sun-compat-1.6.0.29-3.sl5.jpp")) flag++;
if (rpm_check(release:"SL5", reference:"jdk-1.6.0_29-fcs")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

References

Related

nessus 32
ibm 1
openvas 73
securityvulns 2
redhat 6
threatpost 1
suse 5
fedora 18
oraclelinux 1
centos 1
debian 2
amazon 1
osv 2
ubuntu 2
seebug 1
prion 11
ubuntucve 12
cve 13
gentoo 1
veracode 13
cert 1
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)
2011-10-20 00:00:00
VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE
2012-03-09 00:00:00
Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix)
2013-02-22 00:00:00
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:01:55
openvas
openvas
Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
2011-11-17 00:00:00
Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
2011-11-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0114-2)
2021-06-09 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2011-11-11 00:00:00
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
2011-11-11 00:00:00
redhat
redhat
(RHSA-2011:1384) Critical: java-1.6.0-sun security update
2011-10-19 00:00:00
(RHSA-2012:0034) Critical: java-1.6.0-ibm security update
2012-01-18 00:00:00
(RHSA-2011:1380) Critical: java-1.6.0-openjdk security update
2011-10-18 00:00:00
threatpost
threatpost
Apple Releases New Java Updates, Fix 17 Flaws
2011-11-09 17:09:04
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-03-06 21:08:29
Security update for IBM Java (important)
2012-01-23 17:08:23
Security update for IBM Java 1.4.2 (important)
2012-01-26 04:08:11
fedora
fedora
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16
2011-11-05 01:27:14
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16
2011-11-10 17:36:54
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.5.fc16
2012-10-18 00:30:15
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-10-18 00:00:00
centos
centos
java security update
2011-10-19 21:07:19
debian
debian
[SECURITY] [DSA 2356-1] openjdk-6 security update
2011-12-01 20:33:15
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:26:27
amazon
amazon
Critical: java-1.6.0-openjdk
2011-10-31 18:22:00
osv
osv
openjdk-6 - several
2011-12-01 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
ubuntu
ubuntu
IcedTea-Web, OpenJDK 6 vulnerabilities
2011-11-16 00:00:00
OpenJDK 6 regression
2012-01-24 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
prion
prion
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
ubuntucve
ubuntucve
CVE-2011-3556
2011-10-19 00:00:00
CVE-2011-3557
2011-10-19 00:00:00
CVE-2011-3549
2011-10-19 00:00:00
cve
cve
CVE-2011-3557
2011-10-19 21:55:00
CVE-2011-3556
2011-10-19 21:55:00
CVE-2011-3516
2011-10-19 21:55:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2011-11-05 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 04:56:00
Authorization Bypass
2019-05-02 04:55:59
Information Disclosure
2019-05-02 04:56:00
cert
cert
IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
2020-02-12 00:00:00
JSON
Related for SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL
nessus32ibm1openvas73securityvulns2redhat6threatpost1suse5fedora18oraclelinux1centos1debian2amazon1osv2ubuntu2seebug1prion11ubuntucve12cve13gentoo1veracode13cert1