Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUN_JAVA_JRE_6_7_UNIX.NASL
HistoryFeb 22, 2013 - 12:00 a.m.

Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)

2013-02-2200:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

The version of Sun Java Runtime Environment (JRE) 6.0 installed on the remote host is affected by multiple security issues :

  • A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successfully exploit this issue, a JAX-WS client/service included with a trusted application should process the malicious XML content (238628).

  • A vulnerability in the JRE may allow an untrusted applet to access information from another applet (238687).

  • A buffer overflow vulnerability in Java Web Start could allow an untrusted applet to elevate its privileges to read, write and execute local applications available to users running an untrusted application (238905).

  • A vulnerability in Java Web Start could allow an untrusted application to create or delete arbitrary files subject to the privileges of the user running the application (238905).

  • A vulnerability in Java Web Start may disclose the location of Java Web Start cache (238905).

  • A vulnerability in Sun Java Management Extensions (JMX) could allow a JMX client running on a remote host to perform unauthorized actions on a host running JMX with local monitoring enabled (238965).

  • A vulnerability in the JRE could allow an untrusted applet / application to elevate its privileges to read, write and execute local applications with the privileges of the user running an untrusted applet (238967, 238687).

  • A vulnerability in the JRE may allow an untrusted applet to establish connections to services running on the localhost and potentially exploit vulnerabilities existing in the underlying JRE (238968).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64833);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2008-3103",
    "CVE-2008-3104",
    "CVE-2008-3105",
    "CVE-2008-3106",
    "CVE-2008-3107",
    "CVE-2008-3109",
    "CVE-2008-3110",
    "CVE-2008-3111",
    "CVE-2008-3112",
    "CVE-2008-3113",
    "CVE-2008-3114",
    "CVE-2008-3115"
  );
  script_bugtraq_id(
    30140,
    30141,
    30142,
    30143,
    30144,
    30146,
    30148
  );

  script_name(english:"Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Unix host has an application that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Sun Java Runtime Environment (JRE) 6.0 installed on the
remote host is affected by multiple security issues :

  - A vulnerability in the JRE could allow unauthorized
    access to certain URL resources or cause a denial of
    service condition while processing XML data. In order to
    successfully exploit this issue, a JAX-WS client/service
    included with a trusted application should process the
    malicious XML content (238628).

  - A vulnerability in the JRE may allow an untrusted applet
    to access information from another applet (238687).

  - A buffer overflow vulnerability in Java Web Start could
    allow an untrusted applet to elevate its privileges to
    read, write and execute local applications available to
    users running an untrusted application (238905).

  - A vulnerability in Java Web Start could allow an
    untrusted application to create or delete arbitrary
    files subject to the privileges of the user running the
    application (238905).

  - A vulnerability in Java Web Start may disclose the
    location of Java Web Start cache (238905).

  - A vulnerability in Sun Java Management Extensions (JMX)
    could allow a JMX client running on a remote host to
    perform unauthorized actions on a host running JMX with
    local monitoring enabled (238965).

  - A vulnerability in the JRE could allow an untrusted
    applet / application to elevate its privileges to
    read, write and execute local applications with the
    privileges of the user running an untrusted applet
    (238967, 238687).

  - A vulnerability in the JRE may allow an untrusted
    applet to establish connections to services running on
    the localhost and potentially exploit vulnerabilities
    existing in the underlying JRE (238968).");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019338.1.html");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019344.1.html");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019367.1.html");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019373.1.html");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019375.1.html");
  script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019376.1.html");
  script_set_attribute(attribute:"solution", value:
"Update to Sun Java JDK and JRE 6 Update 7 or later and remove, if
necessary, any affected versions.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"D2ExploitPack");
  script_cwe_id(16, 20, 119, 200, 264);

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sun_java_jre_installed_unix.nasl");
  script_require_keys("Host/Java/JRE/Installed");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Check each installed JRE.
installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");

info = "";
vuln = 0;
vuln2 = 0;
installed_versions = "";
granular = "";
foreach install (list_uniq(keys(installs)))
{
  ver = install - "Host/Java/JRE/Unmanaged/";
  if (ver !~ "^[0-9.]+") continue;
  installed_versions = installed_versions + " & " + ver;
  if (ver =~ "^1\.6\.0_0[0-6][^0-9]?")
  {
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n  Path              : ' + dir;

    info += '\n  Installed version : ' + ver;
    info += '\n  Fixed version     : 1.6.0_07\n';
  }
  else if (ver =~ "^[\d\.]+$")
  {
    dirs = make_list(get_kb_list(install));
    foreach dir (dirs)
      granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
  }
  else
  {
    dirs = make_list(get_kb_list(install));
    vuln2 += max_index(dirs);
  }

}


# Report if any were found to be vulnerable.
if (info)
{
  if (report_verbosity > 0)
  {
    if (vuln > 1) s = "s of Java are";
    else s = " of Java is";

    report =
      '\n' +
      'The following vulnerable instance'+s+' installed on the\n' +
      'remote host :\n' +
      info;
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  if (granular) exit(0, granular);
}
else
{
  if (granular) exit(0, granular);

  installed_versions = substr(installed_versions, 3);
  if (vuln2 > 1)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  else
    exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}
VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre

References

Related

nessus 35
redhat 12
suse 3
openvas 24
securityvulns 1
vmware 2
prion 12
cve 12
ubuntucve 12
d2 1
zdi 2
checkpoint_advisories 2
saint 4
f5 2
gentoo 1
ibm 1
nessus
nessus
Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities
2008-07-15 00:00:00
openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435)
2008-08-24 00:00:00
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97)
2009-07-21 00:00:00
redhat
redhat
(RHSA-2008:0594) Critical: java-1.6.0-sun security update
2008-07-14 00:00:00
(RHSA-2008:0906) Critical: java-1.6.0-ibm security update
2008-10-24 00:00:00
(RHSA-2008:0595) Critical: java-1.5.0-sun security update
2008-07-14 00:00:00
suse
suse
remote code execution in Sun Java security update
2008-08-25 12:44:04
remote code execution in java-1_5_0-ibm,IBMJava5
2008-09-17 13:28:28
remote code execution in IBMJava5-JRE,java-1_5_0-ibm
2008-09-04 13:19:33
openvas
openvas
SuSE Update for Sun Java security update SUSE-SA:2008:042
2009-01-23 00:00:00
SLES9: Security update for IBM Java5 JRE and IBMJava5 SDK
2009-10-10 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
securityvulns
securityvulns
VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-06 00:00:00
vmware
vmware
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
prion
prion
Code injection
2008-07-09 23:41:00
Design/Logic Flaw
2008-07-09 23:41:00
Directory traversal
2008-07-09 23:41:00
cve
cve
CVE-2008-3106
2008-07-09 23:41:00
CVE-2008-3109
2008-07-09 23:41:00
CVE-2008-3104
2008-07-09 23:41:00
ubuntucve
ubuntucve
CVE-2008-3106
2008-07-09 00:00:00
CVE-2008-3109
2008-07-09 00:00:00
CVE-2008-3103
2008-07-09 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_JAVAWS2
2008-07-09 23:41:00
zdi
zdi
Sun Java Web Start Sandbox Bypass Vulnerability
2008-07-17 00:00:00
Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability
2008-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow (CVE-2008-3111)
2010-03-03 00:00:00
Sun Java Web Start JNLP vm args Stack Overflow (CVE-2008-3111)
2009-12-24 00:00:00
saint
saint
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
f5
f5
K16475 : Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
SOL16475 - Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for SUN_JAVA_JRE_6_7_UNIX.NASL
nessus35redhat12suse3openvas24securityvulns1vmware2prion12cve12ubuntucve12d21zdi2checkpoint_advisories2saint4f52gentoo1ibm1