Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE9_12658.NASL
HistoryDec 17, 2010 - 12:00 a.m.

SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12658)

2010-12-1700:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and security issues.

Following CVEs are tracked for this update: CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3556 CVE-2010-3557 CVE-2010-3562 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(51338);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-3555", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572");

  script_name(english:"SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12658)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"IBM Java 1.4.2 was updated to SR13 FP6 to fix various bugs and
security issues.

Following CVEs are tracked for this update: CVE-2009-3555
CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553
CVE-2010-3556 CVE-2010-3557 CVE-2010-3562 CVE-2010-3565 CVE-2010-3568
CVE-2010-3569 CVE-2010-3571 CVE-2010-3572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-3555.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3541.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3548.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3549.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3551.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3553.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3556.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3557.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3562.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3565.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3568.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3569.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3571.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3572.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12658.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SUSE9", reference:"IBMJava2-JRE-1.4.2_sr13.6-0.7")) flag++;
if (rpm_check(release:"SUSE9", reference:"IBMJava2-SDK-1.4.2_sr13.6-0.7")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

redhat 12
nessus 60
suse 3
fedora 6
openvas 44
oraclelinux 1
centos 1
ubuntu 4
cisco 1
prion 13
ubuntucve 13
cve 14
veracode 14
zdi 2
debian 3
altlinux 1
seebug 1
securityvulns 3
mozilla 1
hackerone 1
fortinet 1
redhat
redhat
(RHSA-2010:0786) Critical: java-1.4.2-ibm security update
2010-10-20 00:00:00
(RHSA-2010:0986) Moderate: java-1.4.2-ibm-sap security update
2010-12-15 00:00:00
(RHSA-2010:0865) Important: java-1.6.0-openjdk security and bug fix update
2010-11-10 00:00:00
nessus
nessus
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0786)
2010-10-21 00:00:00
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7231)
2010-12-17 00:00:00
SuSE 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Number 3528)
2011-01-21 00:00:00
suse
suse
remote code execution in java-1_4_2-ibm,IBMJava2-JRE
2010-12-17 11:21:31
remote code execution in java-1_6_0-ibm
2011-01-25 17:16:52
man-in-the-middle attack in openssl
2009-11-18 09:50:39
fedora
fedora
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-43.1.8.2.fc13
2010-10-19 07:04:11
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-41.1.8.2.fc12
2010-10-21 06:04:44
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14
2010-10-18 05:38:07
openvas
openvas
Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294
2010-10-22 00:00:00
Oracle: Security Advisory (ELSA-2010-0768)
2015-10-06 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294
2010-10-22 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security and bug fix update
2010-10-13 00:00:00
centos
centos
java security update
2010-10-14 10:59:21
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-10-28 00:00:00
Apache vulnerability
2010-09-21 00:00:00
NSS vulnerability
2010-07-23 00:00:00
cisco
cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
2010-05-19 15:40:37
prion
prion
Double free
2010-10-19 22:00:00
Design/Logic Flaw
2010-10-19 22:00:00
Design/Logic Flaw
2010-10-19 22:00:00
ubuntucve
ubuntucve
CVE-2010-3562
2010-10-19 00:00:00
CVE-2010-3549
2010-10-19 00:00:00
CVE-2010-3548
2010-10-19 00:00:00
cve
cve
CVE-2010-3562
2010-10-19 22:00:00
CVE-2010-3549
2010-10-19 22:00:00
CVE-2010-3568
2010-10-19 22:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:52:16
Privilege Escalation
2020-04-10 00:52:14
Privilege Escalation
2020-04-10 00:52:15
zdi
zdi
Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability
2010-10-12 00:00:00
Oracle Sun JRE JPEGImageWriter.writeImage Remote Code Execution Vulnerability
2010-10-12 00:00:00
debian
debian
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:31
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
2011-01-05 23:21:10
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
seebug
seebug
ProFTPD TLS会话重协商明文数据注入漏洞
2009-12-15 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
2009-11-11 00:00:00
SSL data injection
2010-02-10 00:00:00
[ MDVSA-2009:295 ] apache
2009-11-09 00:00:00
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
hackerone
hackerone
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00
JSON
Related for SUSE9_12658.NASL
redhat12nessus60suse3fedora6openvas44oraclelinux1centos1ubuntu4cisco1prion13ubuntucve13cve14veracode14zdi2debian3altlinux1seebug1securityvulns3mozilla1hackerone1fortinet1