openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)

2009-07-21T00:00:00

Description

The Sun JDK 5 was updated to Update18 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). CVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. CVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. CVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow. CVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. CVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860. CVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. CVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.

{"id": "SUSE_11_0_JAVA-1_5_0-SUN-090327.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "published": "2009-07-21T00:00:00", "modified": "2021-01-14T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/39998", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104", "https://bugzilla.novell.com/show_bug.cgi?id=488926", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098"], "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "immutableFields": [], "lastseen": "2023-05-18T14:24:50", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:0377"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2008-384", "CPAI-2009-344", "CPAI-2009-346"]}, {"type": "cve", "idList": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1769-1:1A1C7"]}, {"type": "gentoo", "idList": ["GLSA-200911-02"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-0377.NASL", "DEBIAN_DSA-1769.NASL", "GENTOO_GLSA-200911-02.NASL", "MACOSX_JAVA_10_5_UPDATE4.NASL", "MACOSX_JAVA_REL9.NASL", "MANDRIVA_MDVSA-2009-137.NASL", "ORACLELINUX_ELSA-2009-0377.NASL", "REDHAT-RHSA-2009-0377.NASL", "REDHAT-RHSA-2009-0392.NASL", "REDHAT-RHSA-2009-0394.NASL", "REDHAT-RHSA-2009-1038.NASL", "REDHAT-RHSA-2009-1198.NASL", "REDHAT-RHSA-2009-1662.NASL", "REDHAT-RHSA-2010-0043.NASL", "SL_20090326_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "SOLARIS10_118667-61.NASL", "SOLARIS10_118667.NASL", "SOLARIS10_125137-71.NASL", "SOLARIS10_125137-75.NASL", "SOLARIS10_125137.NASL", "SOLARIS10_X86_118669-19.NASL", "SOLARIS10_X86_118669-61.NASL", "SOLARIS10_X86_118669.NASL", "SOLARIS10_X86_125139-71.NASL", "SOLARIS10_X86_125139-75.NASL", "SOLARIS10_X86_125139.NASL", "SOLARIS8_118667.NASL", "SOLARIS8_125137.NASL", "SOLARIS8_X86_118669.NASL", "SOLARIS8_X86_125139.NASL", "SOLARIS9_118667.NASL", "SOLARIS9_125137.NASL", "SOLARIS9_X86_118669.NASL", "SOLARIS9_X86_125139.NASL", "SUN_JAVA_JRE_254569.NASL", "SUN_JAVA_JRE_254569_UNIX.NASL", "SUSE9_12422.NASL", "SUSE9_12531.NASL", "SUSE_11_0_JAVA-1_6_0-SUN-090327.NASL", "SUSE_11_1_JAVA-1_5_0-SUN-090328.NASL", "SUSE_11_1_JAVA-1_6_0-SUN-090328.NASL", "SUSE_11_JAVA-1_4_2-IBM-091106.NASL", "SUSE_11_JAVA-1_6_0-IBM-090629.NASL", "SUSE_11_JAVA-1_6_0-SUN-090327.NASL", "SUSE_JAVA-1_4_2-IBM-6647.NASL", "SUSE_JAVA-1_4_2-IBM-6648.NASL", "SUSE_JAVA-1_5_0-IBM-6253.NASL", "SUSE_JAVA-1_5_0-SUN-6125.NASL", "SUSE_JAVA-1_6_0-SUN-6128.NASL", "UBUNTU_USN-748-1.NASL", "VMWARE_VMSA-2009-0014.NASL", "VMWARE_VMSA-2009-0014_REMOTE.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL", "VMWARE_VMSA-2010-0002.NASL", "VMWARE_VMSA-2010-0002_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102042", "OPENVAS:1361412562310102042", "OPENVAS:1361412562310122496", "OPENVAS:136141256231063644", "OPENVAS:136141256231063645", "OPENVAS:136141256231063735", "OPENVAS:136141256231063758", "OPENVAS:136141256231063797", "OPENVAS:136141256231063824", "OPENVAS:136141256231063980", "OPENVAS:136141256231064196", "OPENVAS:136141256231064221", "OPENVAS:136141256231064495", "OPENVAS:136141256231064592", "OPENVAS:136141256231065307", "OPENVAS:136141256231065682", "OPENVAS:136141256231065873", "OPENVAS:136141256231066344", "OPENVAS:136141256231066345", "OPENVAS:136141256231066348", "OPENVAS:1361412562310800384", "OPENVAS:1361412562310800386", "OPENVAS:1361412562310835197", "OPENVAS:1361412562310880673", "OPENVAS:63644", "OPENVAS:63645", "OPENVAS:63735", "OPENVAS:63746", "OPENVAS:63747", "OPENVAS:63748", "OPENVAS:63758", "OPENVAS:63797", "OPENVAS:63824", "OPENVAS:63980", "OPENVAS:64169", "OPENVAS:64170", "OPENVAS:64196", "OPENVAS:64221", "OPENVAS:64495", "OPENVAS:64592", "OPENVAS:65307", "OPENVAS:65682", "OPENVAS:65873", "OPENVAS:66344", "OPENVAS:66345", "OPENVAS:66348", "OPENVAS:800384", "OPENVAS:800386", "OPENVAS:835197", "OPENVAS:880673"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2009-091332"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0377"]}, {"type": "osv", "idList": ["OSV:DSA-1769-1"]}, {"type": "redhat", "idList": ["RHSA-2009:0377", "RHSA-2009:0392", "RHSA-2009:0394", "RHSA-2009:1038", "RHSA-2009:1198", "RHSA-2009:1551", "RHSA-2009:1662", "RHSA-2010:0043"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21538", "SECURITYVULNS:DOC:22178", "SECURITYVULNS:VULN:10077", "SECURITYVULNS:VULN:9777"]}, {"type": "suse", "idList": ["SUSE-SA:2009:016", "SUSE-SA:2009:029", "SUSE-SA:2009:036"]}, {"type": "ubuntu", "idList": ["USN-748-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1093", "UB:CVE-2009-1094", "UB:CVE-2009-1095", "UB:CVE-2009-1096", "UB:CVE-2009-1098", "UB:CVE-2009-1099", "UB:CVE-2009-1100", "UB:CVE-2009-1103", "UB:CVE-2009-1104", "UB:CVE-2009-1107"]}, {"type": "veracode", "idList": ["VERACODE:23559", "VERACODE:23560", "VERACODE:23561", "VERACODE:23562", "VERACODE:23564", "VERACODE:23833", "VERACODE:23834", "VERACODE:23835", "VERACODE:23836", "VERACODE:23839"]}, {"type": "vmware", "idList": ["VMSA-2009-0014", "VMSA-2009-0014.3", "VMSA-2009-0016", "VMSA-2009-0016.6", "VMSA-2010-0002", "VMSA-2010-0002.4"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:0377"]}, {"type": "cve", "idList": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1769-1:1A1C7"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2010-0043/"]}, {"type": "nessus", "idList": ["SOLARIS10_X86_125139-75.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800384", "OPENVAS:63746", "OPENVAS:64196", "OPENVAS:65307", "OPENVAS:65682"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0377"]}, {"type": "redhat", "idList": ["RHSA-2009:0377", "RHSA-2009:0392", "RHSA-2009:0394", "RHSA-2009:1038", "RHSA-2009:1198", "RHSA-2010:0043"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22178"]}, {"type": "suse", "idList": ["SUSE-SA:2009:036"]}, {"type": "ubuntu", "idList": ["USN-748-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1093", "UB:CVE-2009-1103"]}, {"type": "vmware", "idList": ["VMSA-2009-0016"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2009-1093", "epss": 0.14982, "percentile": 0.94963, "modified": "2023-05-06"}, {"cve": "CVE-2009-1094", "epss": 0.01849, "percentile": 0.86537, "modified": "2023-05-06"}, {"cve": "CVE-2009-1095", "epss": 0.91236, "percentile": 0.98351, "modified": "2023-05-06"}, {"cve": "CVE-2009-1096", "epss": 0.50917, "percentile": 0.96992, "modified": "2023-05-06"}, {"cve": "CVE-2009-1098", "epss": 0.24102, "percentile": 0.95887, "modified": "2023-05-06"}, {"cve": "CVE-2009-1099", "epss": 0.73428, "percentile": 0.97583, "modified": "2023-05-06"}, {"cve": "CVE-2009-1100", "epss": 0.13692, "percentile": 0.94766, "modified": "2023-05-06"}, {"cve": "CVE-2009-1103", "epss": 0.06924, "percentile": 0.92893, "modified": "2023-05-06"}, {"cve": "CVE-2009-1104", "epss": 0.00492, "percentile": 0.72641, "modified": "2023-05-06"}, {"cve": "CVE-2009-1107", "epss": 0.00819, "percentile": 0.79433, "modified": "2023-05-06"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1684426120, "score": 1684420145, "epss": 0}, "_internal": {"score_hash": "15f0d35f913bb38f511e3bcf53a53988"}, "pluginID": "39998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-698.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39998);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)\");\n script_summary(english:\"Check for the java-1_5_0-sun-698 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-demo-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "solution": "Update the affected java-1_5_0-sun packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6.0"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2009-03-27T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"openvas": [{"lastseen": "2018-04-06T11:40:29", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065873", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065873", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-6253\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65873\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:10", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065307", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065307", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5050060.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java 5 JRE and IBM Java 5 SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65307\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.64\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65307", "href": "http://plugins.openvas.org/nasl.php?oid=65307", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5050060.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java 5 JRE and IBM Java 5 SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65307);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.64\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:17", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65873", "href": "http://plugins.openvas.org/nasl.php?oid=65873", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-6253\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65873);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:35", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0394", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063645", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063645", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0394.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0394 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63645\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0394\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:07", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0394", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63645", "href": "http://plugins.openvas.org/nasl.php?oid=63645", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0394.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0394 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63645);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0394\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:28", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1198", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064592", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064592", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1198.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1198 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64592\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1198\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1198.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065682", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065682", "sourceData": "#\n#VID 706f811c965148739c35d07d3653b91c\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=516361\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=494536\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65682\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:20", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1038", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63980", "href": "http://plugins.openvas.org/nasl.php?oid=63980", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1038.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1038 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63980);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1038\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1038.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1198", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64592", "href": "http://plugins.openvas.org/nasl.php?oid=64592", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1198.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1198 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64592);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1198\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1198.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:59", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65682", "href": "http://plugins.openvas.org/nasl.php?oid=65682", "sourceData": "#\n#VID 706f811c965148739c35d07d3653b91c\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=516361\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=494536\");\n script_id(65682);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:14", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1038", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063980", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063980", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1038.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1038 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63980\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1038\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1038.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:20", "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310800384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800384\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34489\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\");\n script_tag(name:\"affected\", value:\"Sun Java JRE 6 Update 12 and prior.\n\n Sun Java JRE 5.0 Update 17 and prior.\n\n Sun Java JRE 1.4.2_19 and prior.\n\n Sun Java JRE 1.3.1_24 and prior.\");\n script_tag(name:\"insight\", value:\"For more information about vulnerabilities on Sun Java go through reference.\");\n script_tag(name:\"solution\", value:\"Upgrade to JRE version 6 Update 13\n\n Upgrade to JRE version 5 Update 18\n\n Upgrade to JRE version 1.4.2_20\n\n Upgrade to JRE version 1.3.1_25.\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(!jreVer)\n exit(0);\n\nif(jreVer)\n{\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:41:51", "description": "Check for the Version of Java", "cvss3": {}, "published": "2009-06-01T00:00:00", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02429\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.16 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.22 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, execution of arbitrary code, and Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01745133-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835197\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-01 16:39:46 +0200 (Mon, 01 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02429\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_name( \"HP-UX Update for Java HPSBUX02429\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:23", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63735", "href": "http://plugins.openvas.org/nasl.php?oid=63735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_016.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun JDK 5 was updated to Update18 and the Sun JDK 6 was updated\nto Update 13 to fix various bugs and security issues.\n\nFor details addressed in these updates, please visit the referenced\nsecurity advisories.\n\nNo Sun Java 1.4.2 updates are available at this time since it has\nentered EOL phase.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:016\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.\";\n\n \n\nif(description)\n{\n script_id(63735);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:15", "description": "Check for the Version of Java", "cvss3": {}, "published": "2009-06-01T00:00:00", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835197", "href": "http://plugins.openvas.org/nasl.php?oid=835197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02429\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.16 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.22 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, execution of arbitrary code, and Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01745133-1\");\n script_id(835197);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-01 16:39:46 +0200 (Mon, 01 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02429\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_name( \"HP-UX Update for Java HPSBUX02429\");\n\n script_summary(\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-13T13:01:02", "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800384", "href": "http://plugins.openvas.org/nasl.php?oid=800384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_dos_vuln_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\n Impact Level: System\";\ntag_affected = \"Sun Java JRE 6 Update 12 and prior.\n Sun Java JRE 5.0 Update 17 and prior.\n Sun Java JRE 1.4.2_19 and prior.\n Sun Java JRE 1.3.1_24 and prior.\";\ntag_insight = \"For more information about vulnerabilities on Sun Java go through reference.\";\ntag_solution = \"Upgrade to JRE version 6 Update 13\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JRE version 5 Update 18\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to JRE version 1.4.2_20\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to JRE version 1.3.1_25\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(800384);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34489\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_require_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(!jreVer){\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.3 < 1.3.1_25, 1.4 < 1.4.2_20, 1.5 < 1.5.0_18 (5 Update 18),\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-13T13:01:12", "description": "This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JRE Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800386", "href": "http://plugins.openvas.org/nasl.php?oid=800386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_dos_vuln_lin.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JRE Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\n Impact Level: System\";\ntag_affected = \"Sun Java JRE 6 Update 12 and prior.\n Sun Java JRE 5.0 Update 17 and prior.\n Sun Java JRE 1.4.2_19 and prior.\n Sun Java JRE 1.3.1_24 and prior.\";\ntag_insight = \"For more information about vulnerabilities on Sun Java go through reference.\";\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 13\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JDK/JRE version 5 Update 18\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to SDK/JRE version 1.4.2_20\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to SDK/JRE version 1.3.1_25\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(800386);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JRE Multiple Vulnerabilities (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34489\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_require_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer){\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.3 < 1.3.1_25, 1.4 < 1.4.2_20, 1.5 < 1.5.0_18 (5 Update 18),\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:24", "description": "This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JRE Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310800386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JRE Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800386\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JRE Multiple Vulnerabilities (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34489\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\");\n script_tag(name:\"affected\", value:\"Sun Java JRE 6 Update 12 and prior.\n Sun Java JRE 5.0 Update 17 and prior.\n Sun Java JRE 1.4.2_19 and prior.\n Sun Java JRE 1.3.1_24 and prior.\");\n script_tag(name:\"insight\", value:\"For more information about vulnerabilities on Sun Java go through reference.\");\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 13\n\n Upgrade to JDK/JRE version 5 Update 18\n\n Upgrade to SDK/JRE version 1.4.2_20\n\n Upgrade to SDK/JRE version 1.3.1_25.\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer)\n exit(0);\n\nif(jreVer)\n{\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:49", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063735", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_016.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun JDK 5 was updated to Update18 and the Sun JDK 6 was updated\nto Update 13 to fix various bugs and security issues.\n\nFor details addressed in these updates, please visit the referenced\nsecurity advisories.\n\nNo Sun Java 1.4.2 updates are available at this time since it has\nentered EOL phase.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:016\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63735\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:03", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0392", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063644", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063644", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0392.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0392 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63644\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0392\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0392.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:38", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0392", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63644", "href": "http://plugins.openvas.org/nasl.php?oid=63644", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0392.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0392 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63644);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0392\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0392.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:43", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory USN-748-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Ubuntu USN-748-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63748", "href": "http://plugins.openvas.org/nasl.php?oid=63748", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_748_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_748_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-748-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.10:\n icedtea6-plugin 6b12-0ubuntu6.4\n openjdk-6-jdk 6b12-0ubuntu6.4\n openjdk-6-jre 6b12-0ubuntu6.4\n openjdk-6-jre-headless 6b12-0ubuntu6.4\n openjdk-6-jre-lib 6b12-0ubuntu6.4\n\nAfter a standard system upgrade you need to restart any Java applications\nto effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-748-1\";\n\ntag_insight = \"It was discovered that font creation could leak temporary files.\nIf a user were tricked into loading a malicious program or applet,\na remote attacker could consume disk space, leading to a denial of\nservice. (CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly close\nfiles on dataless connections. A remote attacker could send specially\ncrafted requests, leading to a denial of service. (CVE-2009-1101)\n\nCertain 64bit Java actions would crash an application. A local attacker\nmight be able to cause a denial of service. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly.\nA remote attacker could send specially crafted requests, leading to a\ndenial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A remote\nattacker could send specially crafted requests that could lead to\narbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or\nautomated system were tricked into processing a malicious JAR file,\na remote attacker could crash the application, leading to a denial of\nservice. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to memory\ncorruption. If a user or automated system were tricked into processing\na specially crafted image, a remote attacker could crash the application,\nleading to a denial of service. (CVE-2009-1097, CVE-2009-1098)\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory USN-748-1.\";\n\n \n\n\nif(description)\n{\n script_id(63748);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-748-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-748-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:37", "description": "The remote host is missing an update to icu\nannounced via advisory USN-747-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Ubuntu USN-747-1 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1096", "CVE-2009-1097", "CVE-2008-4316", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63747", "href": "http://plugins.openvas.org/nasl.php?oid=63747", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_747_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_747_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-747-1 (icu)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libicu34 3.4.1a-1ubuntu1.6.06.2\n\nUbuntu 7.10:\n libicu36 3.6-3ubuntu0.2\n\nUbuntu 8.04 LTS:\n libicu38 3.8-6ubuntu0.1\n\nUbuntu 8.10:\n libicu38 3.8.1-2ubuntu0.1\n\nAfter a standard system upgrade you need to restart applications linked\nagainst libicu, such as OpenOffice.org, to effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-747-1\";\n\ntag_insight = \"It was discovered that libicu did not correctly handle certain invalid\nencoded data. If a user or automated system were tricked into processing\nspecially crafted data with applications linked against libicu, certain\ncontent filters could be bypassed.\";\ntag_summary = \"The remote host is missing an update to icu\nannounced via advisory USN-747-1.\";\n\n \n\n\nif(description)\n{\n script_id(63747);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-747-1 (icu)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-747-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:03", "description": "The remote host is missing an update to xine-lib\nannounced via advisory USN-746-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Ubuntu USN-746-1 (xine-lib)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1096", "CVE-2008-5239", "CVE-2009-1097", "CVE-2008-4316", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-0698", "CVE-2009-1094", "CVE-2006-2426", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63746", "href": "http://plugins.openvas.org/nasl.php?oid=63746", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_746_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_746_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-746-1 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libxine-main1 1.1.1+ubuntu2-7.11\n\nUbuntu 7.10:\n libxine1 1.1.7-1ubuntu1.5\n\nUbuntu 8.04 LTS:\n libxine1 1.1.11.1-1ubuntu3.3\n\nUbuntu 8.10:\n libxine1 1.1.15-0ubuntu3.2\n\nAfter a standard system upgrade you need to restart applications linked\nagainst xine-lib, such as Totem-xine and Amarok, to effect the necessary\nchanges.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-746-1\";\n\ntag_insight = \"It was discovered that the 4xm demuxer in xine-lib did not correctly handle\na large current_track value in a 4xm file, resulting in an integer\noverflow. If a user or automated system were tricked into opening a\nspecially crafted 4xm movie file, an attacker could crash xine-lib or\npossibly execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2009-0698)\n\nUSN-710-1 provided updated xine-lib packages to fix multiple security\nvulnerabilities. The security patch to fix CVE-2008-5239 introduced a\nregression causing some media files to be unplayable. This update corrects\nthe problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n It was discovered that the input handlers in xine-lib did not correctly\n handle certain error codes, resulting in out-of-bounds reads and heap-\n based buffer overflows. If a user or automated system were tricked into\n opening a specially crafted file, stream, or URL, an attacker could\n execute arbitrary code as the user invoking the program. (CVE-2008-5239)\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory USN-746-1.\";\n\n \n\n\nif(description)\n{\n script_id(63746);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-0698\", \"CVE-2008-5239\", \"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-746-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-746-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:50", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1769-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063797", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063797", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1769_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1769-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.\n\nCreation of large, temporary fonts could use up available disk space,\nleading to a denial of service condition (CVE-2006-2426).\n\nSeveral vulnerabilities existed in the embedded LittleCMS library,\nexploitable through crafted images: a memory leak, resulting in a\ndenial of service condition (CVE-2009-0581), heap-based buffer\noverflows, potentially allowing arbitrary code execution\n(CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference,\nleading to denial of service (CVE-2009-0793).\n\nThe LDAP server implementation (in com.sun.jdni.ldap) did not properly\nclose sockets if an error was encountered, leading to a\ndenial-of-service condition (CVE-2009-1093).\n\nThe LDAP client implementation (in com.sun.jdni.ldap) allowed\nmalicious LDAP servers to execute arbitrary code on the client\n(CVE-2009-1094).\n\nThe HTTP server implementation (sun.net.httpserver) contained an\nunspecified denial of service vulnerability (CVE-2009-1101).\n\nSeveral issues in Java Web Start have been addressed (CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098). The Debian packages\ncurrently do not support Java Web Start, so these issues are not\ndirectly exploitable, but the relevant code has been updated\nnevertheless.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201769-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63797\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1769-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:17", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1769-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-0581"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63797", "href": "http://plugins.openvas.org/nasl.php?oid=63797", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1769_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1769-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.\n\nCreation of large, temporary fonts could use up available disk space,\nleading to a denial of service condition (CVE-2006-2426).\n\nSeveral vulnerabilities existed in the embedded LittleCMS library,\nexploitable through crafted images: a memory leak, resulting in a\ndenial of service condition (CVE-2009-0581), heap-based buffer\noverflows, potentially allowing arbitrary code execution\n(CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference,\nleading to denial of service (CVE-2009-0793).\n\nThe LDAP server implementation (in com.sun.jdni.ldap) did not properly\nclose sockets if an error was encountered, leading to a\ndenial-of-service condition (CVE-2009-1093).\n\nThe LDAP client implementation (in com.sun.jdni.ldap) allowed\nmalicious LDAP servers to execute arbitrary code on the client\n(CVE-2009-1094).\n\nThe HTTP server implementation (sun.net.httpserver) contained an\nunspecified denial of service vulnerability (CVE-2009-1101).\n\nSeveral issues in Java Web Start have been addressed (CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098). The Debian packages\ncurrently do not support Java Web Start, so these issues are not\ndirectly exploitable, but the relevant code has been updated\nnevertheless.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201769-1\";\n\n\nif(description)\n{\n script_id(63797);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1769-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:39", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063758", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063758", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0377.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0377 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63758\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0377\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0377.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063824", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063824", "sourceData": "#CESA-2009:0377 63824 2\n# $Id: ovcesa2009_0377.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0377 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0377\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0377\nhttps://rhn.redhat.com/errata/RHSA-2009-0377.html\";\ntag_summary = \"The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63824\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63824", "href": "http://plugins.openvas.org/nasl.php?oid=63824", "sourceData": "#CESA-2009:0377 63824 2\n# $Id: ovcesa2009_0377.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0377 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0377\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0377\nhttps://rhn.redhat.com/errata/RHSA-2009-0377.html\";\ntag_summary = \"The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.\";\n\n\n\nif(description)\n{\n script_id(63824);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:12", "description": "Oracle Linux Local Security Checks ELSA-2009-0377", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122496", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0377.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122496\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:41 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0377\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0377 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0377\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0377.html\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2006-2426\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:47", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63758", "href": "http://plugins.openvas.org/nasl.php?oid=63758", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0377.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0377 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63758);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0377\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0377.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:33", "description": "Check for the Version of java", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2009:0377 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880673", "href": "http://plugins.openvas.org/nasl.php?oid=880673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2009:0377 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\n contains the software and tools that users need to run applications written\n using the Java programming language.\n\n A flaw was found in the way that the Java Virtual Machine (JVM) handled\n temporary font files. A malicious applet could use this flaw to use large\n amounts of disk space, causing a denial of service. (CVE-2006-2426)\n \n A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\n application using color profiles could use excessive amounts of memory, and\n possibly crash after using all available memory, if used to open\n specially-crafted images. (CVE-2009-0581)\n \n Multiple integer overflow flaws which could lead to heap-based buffer\n overflows, as well as multiple insufficient input validation flaws, were\n found in the way LittleCMS handled color profiles. An attacker could use\n these flaws to create a specially-crafted image file which could cause a\n Java application to crash or, possibly, execute arbitrary code when opened.\n (CVE-2009-0723, CVE-2009-0733)\n \n A null pointer dereference flaw was found in LittleCMS. An application\n using color profiles could crash while converting a specially-crafted image\n file. (CVE-2009-0793)\n \n A flaw in the Java API for XML Web Services (JAX-WS) service endpoint\n handling could allow a remote attacker to cause a denial of service on the\n server application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n \n A flaw in the way the Java Runtime Environment initialized LDAP connections\n could allow a remote, authenticated user to cause a denial of service on\n the LDAP service. (CVE-2009-1093)\n \n A flaw in the Java Runtime Environment LDAP client could allow malicious\n data from an LDAP server to cause arbitrary code to be loaded and then run\n on an LDAP client. (CVE-2009-1094)\n \n Several buffer overflow flaws were found in the Java Runtime Environment\n unpack200 functionality. An untrusted applet could extend its privileges,\n allowing it to read and write local files, as well as to execute local\n applications with the privileges of the user running the applet.\n (CVE-2009-1095, CVE-2009-1096)\n \n A flaw in the Java Runtime Environment Virtual Machine code generation\n functionality could allow untrusted applets to extend their privileges. An\n untrusted applet could extend its privileges, allowing it to read and write\n local files, as well as execute local applications with the privileges\n of the user running the applet. (CVE-2009-1102)\n \n A buffer overf ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015734.html\");\n script_id(880673);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0377\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\",\n \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\",\n \"CVE-2009-1102\");\n script_name(\"CentOS Update for java CESA-2009:0377 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2009:0377 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2009:0377 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015734.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880673\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0377\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\",\n \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\",\n \"CVE-2009-1102\");\n script_name(\"CentOS Update for java CESA-2009:0377 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\n contains the software and tools that users need to run applications written\n using the Java programming language.\n\n A flaw was found in the way that the Java Virtual Machine (JVM) handled\n temporary font files. A malicious applet could use this flaw to use large\n amounts of disk space, causing a denial of service. (CVE-2006-2426)\n\n A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\n application using color profiles could use excessive amounts of memory, and\n possibly crash after using all available memory, if used to open\n specially-crafted images. (CVE-2009-0581)\n\n Multiple integer overflow flaws which could lead to heap-based buffer\n overflows, as well as multiple insufficient input validation flaws, were\n found in the way LittleCMS handled color profiles. An attacker could use\n these flaws to create a specially-crafted image file which could cause a\n Java application to crash or, possibly, execute arbitrary code when opened.\n (CVE-2009-0723, CVE-2009-0733)\n\n A null pointer dereference flaw was found in LittleCMS. An application\n using color profiles could crash while converting a specially-crafted image\n file. (CVE-2009-0793)\n\n A flaw in the Java API for XML Web Services (JAX-WS) service endpoint\n handling could allow a remote attacker to cause a denial of service on the\n server application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n\n A flaw in the way the Java Runtime Environment initialized LDAP connections\n could allow a remote, authenticated user to cause a denial of service on\n the LDAP service. (CVE-2009-1093)\n\n A flaw in the Java Runtime Environment LDAP client could allow malicious\n data from an LDAP server to cause arbitrary code to be loaded and then run\n on an LDAP client. (CVE-2009-1094)\n\n Several buffer overflow flaws were found in the Java Runtime Environment\n unpack200 functionality. An untrusted applet could extend its privileges,\n allowing it to read and write local files, as well as to execute local\n applications with the privileges of the user running the applet.\n (CVE-2009-1095, CVE-2009-1096)\n\n A flaw in the Java Runtime Environment Virtual Machine code generation\n functionality could allow untrusted applets to extend their privileges. An\n untrusted applet could extend its privileges, allowing it to read and write\n local files, as well as execute local applications with the privileges\n of the user running the applet. (CVE-2009-1102)\n\n A buffer overf ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:51", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064221", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064221", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_137.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:137 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK. For details, please visit\nthe referenced advisories.\n\nThis update provides fixes for these issues.\n\nUpdate:\n\njava-1.6.0-openjdk requires rhino packages and these has been further\nupdated.\n\nAffected: 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:137\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64221\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:37", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064495", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064495", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_162.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:162 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK:\n\nA memory leak flaw allows remote attackers to cause a denial of service\n(memory consumption and application crash) via a crafted image file\n(CVE-2009-0581).\n\nMultiple integer overflows allow remote attackers to execute arbitrary\ncode via a crafted image file that triggers a heap-based buffer\noverflow (CVE-2009-0723).\n\nMultiple stack-based buffer overflows allow remote attackers to\nexecute arbitrary code via a crafted image file associated with a large\ninteger value for the (1) input or (2) output channel (CVE-2009-0733).\n\nA flaw in the transformations of monochrome profiles allows remote\nattackers to cause denial of service triggered by a NULL pointer\ndereference via a crafted image file (CVE-2009-0793).\n\nFurther security fixes in the JRE and in the Java API of OpenJDK:\n\nA flaw in handling temporary font files by the Java Virtual\nMachine (JVM) allows remote attackers to cause denial of service\n(CVE-2006-2426).\n\nAn integer overflow flaw was found in Pulse-Java when handling Pulse\naudio source data lines. An attacker could use this flaw to cause an\napplet to crash, leading to a denial of service (CVE-2009-0794).\n\nA flaw in Java Runtime Environment initialized LDAP connections\nallows authenticated remote users to cause denial of service on the\nLDAP service (CVE-2009-1093).\n\nA flaw in the Java Runtime Environment LDAP client in handling server\nLDAP responses allows remote attackers to execute arbitrary code on\nthe client side via malicious server response (CVE-2009-1094).\n\nBuffer overflows in the the Java Runtime Environment unpack200 utility\nallow remote attackers to execute arbitrary code via an crafted applet\n(CVE-2009-1095, CVE-2009-1096).\n\nA buffer overflow in the splash screen processing allows a attackers\nto execute arbitrary code (CVE-2009-1097).\n\nA buffer overflow in GIF images handling allows remote attackers to\nexecute arbitrary code via an crafted GIF image (CVE-2009-1098).\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling allows remote attackers to cause a denial of service on the\nservice endpoint's server side (CVE-2009-1101).\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nallows remote attackers to execute arbitrary code via a crafted applet\n(CVE-2009-1102).\n\nThis update provides fixes for these issues.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:162\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64495\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:38", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64221", "href": "http://plugins.openvas.org/nasl.php?oid=64221", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_137.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:137 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK. For details, please visit\nthe referenced advisories.\n\nThis update provides fixes for these issues.\n\nUpdate:\n\njava-1.6.0-openjdk requires rhino packages and these has been further\nupdated.\n\nAffected: 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:137\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.\";\n\n \n\nif(description)\n{\n script_id(64221);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:33", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64495", "href": "http://plugins.openvas.org/nasl.php?oid=64495", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_162.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:162 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK:\n\nA memory leak flaw allows remote attackers to cause a denial of service\n(memory consumption and application crash) via a crafted image file\n(CVE-2009-0581).\n\nMultiple integer overflows allow remote attackers to execute arbitrary\ncode via a crafted image file that triggers a heap-based buffer\noverflow (CVE-2009-0723).\n\nMultiple stack-based buffer overflows allow remote attackers to\nexecute arbitrary code via a crafted image file associated with a large\ninteger value for the (1) input or (2) output channel (CVE-2009-0733).\n\nA flaw in the transformations of monochrome profiles allows remote\nattackers to cause denial of service triggered by a NULL pointer\ndereference via a crafted image file (CVE-2009-0793).\n\nFurther security fixes in the JRE and in the Java API of OpenJDK:\n\nA flaw in handling temporary font files by the Java Virtual\nMachine (JVM) allows remote attackers to cause denial of service\n(CVE-2006-2426).\n\nAn integer overflow flaw was found in Pulse-Java when handling Pulse\naudio source data lines. An attacker could use this flaw to cause an\napplet to crash, leading to a denial of service (CVE-2009-0794).\n\nA flaw in Java Runtime Environment initialized LDAP connections\nallows authenticated remote users to cause denial of service on the\nLDAP service (CVE-2009-1093).\n\nA flaw in the Java Runtime Environment LDAP client in handling server\nLDAP responses allows remote attackers to execute arbitrary code on\nthe client side via malicious server response (CVE-2009-1094).\n\nBuffer overflows in the the Java Runtime Environment unpack200 utility\nallow remote attackers to execute arbitrary code via an crafted applet\n(CVE-2009-1095, CVE-2009-1096).\n\nA buffer overflow in the splash screen processing allows a attackers\nto execute arbitrary code (CVE-2009-1097).\n\nA buffer overflow in GIF images handling allows remote attackers to\nexecute arbitrary code via an crafted GIF image (CVE-2009-1098).\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling allows remote attackers to cause a denial of service on the\nservice endpoint's server side (CVE-2009-1101).\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nallows remote attackers to execute arbitrary code via a crafted applet\n(CVE-2009-1102).\n\nThis update provides fixes for these issues.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:162\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.\";\n\n \n\nif(description)\n{\n script_id(64495);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:19", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-06-15T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1379", "CVE-2009-1099", "CVE-2009-1377", "CVE-2009-0792", "CVE-2009-1268", "CVE-2009-1266", "CVE-2007-6725", "CVE-2009-0688", "CVE-2009-1100", "CVE-2009-1210", "CVE-2009-1378", "CVE-2008-6679", "CVE-2009-1492", "CVE-2009-0159", "CVE-2008-6123", "CVE-2009-1098", "CVE-2009-1267", "CVE-2009-1094", "CVE-2009-1274", "CVE-2009-1269", "CVE-2009-0241", "CVE-2009-1103", "CVE-2009-1364", "CVE-2007-5400", "CVE-2009-1252", "CVE-2009-1107", "CVE-2009-1493"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064196", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064196", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_011.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:011\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64196\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2007-5400\", \"CVE-2007-6725\", \"CVE-2008-6123\", \"CVE-2008-6679\", \"CVE-2009-0159\", \"CVE-2009-0196\", \"CVE-2009-0241\", \"CVE-2009-0688\", \"CVE-2009-0792\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\", \"CVE-2009-1210\", \"CVE-2009-1252\", \"CVE-2009-1266\", \"CVE-2009-1267\", \"CVE-2009-1268\", \"CVE-2009-1269\", \"CVE-2009-1274\", \"CVE-2009-1364\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1492\", \"CVE-2009-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:011\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_security2\", rpm:\"apache2-mod_security2~2.5.6~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~437.37.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm\", rpm:\"gdbm~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm-devel\", rpm:\"gdbm-devel~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.23_0.1~6.6.20\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-browse0\", rpm:\"libpulse-browse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-devel\", rpm:\"libpulse-devel~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-mainloop-glib0\", rpm:\"libpulse-mainloop-glib0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse0\", rpm:\"libpulse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.30.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.30.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.23_0.1~0.1.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-client\", rpm:\"nfs-client~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-doc\", rpm:\"nfs-doc~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-kernel-server\", rpm:\"nfs-kernel-server~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.1~10.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango\", rpm:\"pango~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-devel\", rpm:\"pango-devel~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-doc\", rpm:\"pango-doc~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-module-thai-lang\", rpm:\"pango-module-thai-lang~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-lang\", rpm:\"pulseaudio-lang~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-manager\", rpm:\"virt-manager~0.5.3~64.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-viewer\", rpm:\"virt-viewer~0.0.3~3.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vm-install\", rpm:\"vm-install~0.3.24~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~51.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acerhk-kmp-debug\", rpm:\"acerhk-kmp-debug~0.5.35_2.6.25.20_0.4~98.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acx-kmp-debug\", rpm:\"acx-kmp-debug~20080210_2.6.25.20_0.4~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"appleir-kmp-debug\", rpm:\"appleir-kmp-debug~1.1_2.6.25.20_0.4~108.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at76_usb-kmp-debug\", rpm:\"at76_usb-kmp-debug~0.17_2.6.25.20_0.4~2.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"atl2-kmp-debug\", rpm:\"atl2-kmp-debug~2.0.4_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20080429_2.6.25.20_0.4~13.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.4.4_2.6.25.20_0.4~42.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~413.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.6_2.6.25.20_0.4~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gspcav-kmp-debug\", rpm:\"gspcav-kmp-debug~01.00.20_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.25.20_0.4~63.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~1.0.3_2.6.25.20_0.4~66.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.3.0pre11_2.6.25.20_0.4~7.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.20_0.4~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kmp-debug\", rpm:\"omnibook-kmp-debug~20080313_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcc-acpi-kmp-debug\", rpm:\"pcc-acpi-kmp-debug~0.9_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.25.20_0.4~207.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.25.20_0.4~189.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"uvcvideo-kmp-debug\", rpm:\"uvcvideo-kmp-debug~r200_2.6.25.20_0.4~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~1.5.6_2.6.25.20_0.4~33.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.04.14_2.6.25.20_0.4~21.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wlan-ng-kmp-debug\", rpm:\"wlan-ng-kmp-debug~0.2.8_2.6.25.20_0.4~107.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~11.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~376.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:54", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-06-15T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1379", "CVE-2009-1099", "CVE-2009-1377", "CVE-2009-0792", "CVE-2009-1268", "CVE-2009-1266", "CVE-2007-6725", "CVE-2009-0688", "CVE-2009-1100", "CVE-2009-1210", "CVE-2009-1378", "CVE-2008-6679", "CVE-2009-1492", "CVE-2009-0159", "CVE-2008-6123", "CVE-2009-1098", "CVE-2009-1267", "CVE-2009-1094", "CVE-2009-1274", "CVE-2009-1269", "CVE-2009-0241", "CVE-2009-1103", "CVE-2009-1364", "CVE-2007-5400", "CVE-2009-1252", "CVE-2009-1107", "CVE-2009-1493"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64196", "href": "http://plugins.openvas.org/nasl.php?oid=64196", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_011.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:011\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(64196);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2007-5400\", \"CVE-2007-6725\", \"CVE-2008-6123\", \"CVE-2008-6679\", \"CVE-2009-0159\", \"CVE-2009-0196\", \"CVE-2009-0241\", \"CVE-2009-0688\", \"CVE-2009-0792\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\", \"CVE-2009-1210\", \"CVE-2009-1252\", \"CVE-2009-1266\", \"CVE-2009-1267\", \"CVE-2009-1268\", \"CVE-2009-1269\", \"CVE-2009-1274\", \"CVE-2009-1364\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1492\", \"CVE-2009-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:011\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_security2\", rpm:\"apache2-mod_security2~2.5.6~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~437.37.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm\", rpm:\"gdbm~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm-devel\", rpm:\"gdbm-devel~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.23_0.1~6.6.20\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-browse0\", rpm:\"libpulse-browse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-devel\", rpm:\"libpulse-devel~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-mainloop-glib0\", rpm:\"libpulse-mainloop-glib0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse0\", rpm:\"libpulse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.30.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.30.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.23_0.1~0.1.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-client\", rpm:\"nfs-client~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-doc\", rpm:\"nfs-doc~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-kernel-server\", rpm:\"nfs-kernel-server~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.1~10.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango\", rpm:\"pango~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-devel\", rpm:\"pango-devel~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-doc\", rpm:\"pango-doc~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-module-thai-lang\", rpm:\"pango-module-thai-lang~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-lang\", rpm:\"pulseaudio-lang~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-manager\", rpm:\"virt-manager~0.5.3~64.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-viewer\", rpm:\"virt-viewer~0.0.3~3.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vm-install\", rpm:\"vm-install~0.3.24~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~51.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acerhk-kmp-debug\", rpm:\"acerhk-kmp-debug~0.5.35_2.6.25.20_0.4~98.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acx-kmp-debug\", rpm:\"acx-kmp-debug~20080210_2.6.25.20_0.4~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"appleir-kmp-debug\", rpm:\"appleir-kmp-debug~1.1_2.6.25.20_0.4~108.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at76_usb-kmp-debug\", rpm:\"at76_usb-kmp-debug~0.17_2.6.25.20_0.4~2.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"atl2-kmp-debug\", rpm:\"atl2-kmp-debug~2.0.4_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20080429_2.6.25.20_0.4~13.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.4.4_2.6.25.20_0.4~42.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~413.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.6_2.6.25.20_0.4~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gspcav-kmp-debug\", rpm:\"gspcav-kmp-debug~01.00.20_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.25.20_0.4~63.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~1.0.3_2.6.25.20_0.4~66.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.3.0pre11_2.6.25.20_0.4~7.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.20_0.4~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kmp-debug\", rpm:\"omnibook-kmp-debug~20080313_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcc-acpi-kmp-debug\", rpm:\"pcc-acpi-kmp-debug~0.9_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.25.20_0.4~207.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.25.20_0.4~189.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"uvcvideo-kmp-debug\", rpm:\"uvcvideo-kmp-debug~r200_2.6.25.20_0.4~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~1.5.6_2.6.25.20_0.4~33.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.04.14_2.6.25.20_0.4~21.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wlan-ng-kmp-debug\", rpm:\"wlan-ng-kmp-debug~0.2.8_2.6.25.20_0.4~107.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~11.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~376.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-06T16:46:56", "description": "The remote host is missing Java for Mac OS X 10.5 Update 4.", "cvss3": {}, "published": "2010-05-28T00:00:00", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2009-1107", "CVE-2008-5351", "CVE-2009-1719"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310102042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102042", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 4\n#\n# LSS-NVT-2010-031\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102042\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2008-5352\", \"CVE-2008-5356\", \"CVE-2008-5353\",\n \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5339\", \"CVE-2009-1104\", \"CVE-2008-5360\",\n \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2009-1103\", \"CVE-2008-5347\",\n \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1099\", \"CVE-2009-1098\", \"CVE-2009-1097\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1094\", \"CVE-2009-1093\", \"CVE-2008-5341\", \"CVE-2008-5359\",\n \"CVE-2008-5342\", \"CVE-2008-5340\", \"CVE-2008-2086\", \"CVE-2008-5343\", \"CVE-2009-1719\");\n script_name(\"Java for Mac OS X 10.5 Update 4\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3632\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Java for Mac OS X 10.5 Update 4.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Java\");\n\n script_tag(name:\"solution\", value:\"Update your Java for Mac OS X. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.5\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:50", "description": "The remote host is missing Java for Mac OS X 10.5 Update 4.\n One or more of the following components are affected:\n\n Java", "cvss3": {}, "published": "2010-05-28T00:00:00", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2009-1107", "CVE-2008-5351", "CVE-2009-1719"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102042", "href": "http://plugins.openvas.org/nasl.php?oid=102042", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 4\n#\n# LSS-NVT-2010-031\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT3632\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.5 Update 4.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102042);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1106\",\"CVE-2009-1107\",\"CVE-2008-5352\",\"CVE-2008-5356\",\"CVE-2008-5353\",\"CVE-2008-5354\",\"CVE-2008-5357\",\"CVE-2008-5339\",\"CVE-2009-1104\",\"CVE-2008-5360\",\"CVE-2008-5344\",\"CVE-2008-5345\",\"CVE-2008-5346\",\"CVE-2009-1103\",\"CVE-2008-5347\",\"CVE-2008-5348\",\"CVE-2008-5349\",\"CVE-2008-5350\",\"CVE-2008-5351\",\"CVE-2009-1100\",\"CVE-2009-1101\",\"CVE-2009-1099\",\"CVE-2009-1098\",\"CVE-2009-1097\",\"CVE-2009-1095\",\"CVE-2009-1096\",\"CVE-2009-1094\",\"CVE-2009-1093\",\"CVE-2008-5341\",\"CVE-2008-5359\",\"CVE-2008-5342\",\"CVE-2008-5340\",\"CVE-2008-2086\",\"CVE-2008-5343\",\"CVE-2009-1719\");\n script_name(\"Java for Mac OS X 10.5 Update 4\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66348", "href": "http://plugins.openvas.org/nasl.php?oid=66348", "sourceData": "#\n#VID 078e3d197ce1488682c8fe5574f20e9b\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=551829\");\n script_id(66348);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:20", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066345", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066345", "sourceData": "#\n#VID slesp2-java-1_4_2-ibm-6648\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66345\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-devel\", rpm:\"java-1_4_2-ibm-devel~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:48", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java2 and SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066344", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066344", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5063230.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java2 and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66344\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for IBM Java2 and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2_sr13.2~0.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:31", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066348", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066348", "sourceData": "#\n#VID 078e3d197ce1488682c8fe5574f20e9b\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=551829\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66348\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:23", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java2 and SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66344", "href": "http://plugins.openvas.org/nasl.php?oid=66344", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5063230.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java2 and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(66344);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for IBM Java2 and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2_sr13.2~0.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:54", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66345", "href": "http://plugins.openvas.org/nasl.php?oid=66345", "sourceData": "#\n#VID slesp2-java-1_4_2-ibm-6648\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66345);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-devel\", rpm:\"java-1_4_2-ibm-devel~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:52", "description": "The remote host is missing an update to lcms\nannounced via advisory USN-744-1.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Ubuntu USN-744-1 (lcms)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2008-5239", "CVE-2009-0921", "CVE-2009-1097", "CVE-2009-0928", "CVE-2009-0207", "CVE-2009-0626", "CVE-2009-0723", "CVE-2008-4316", "CVE-2009-0637", "CVE-2009-0629", "CVE-2009-0628", "CVE-2009-0784", "CVE-2009-1100", "CVE-2009-0635", "CVE-2009-0927", "CVE-2009-1098", "CVE-2009-0698", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0193", "CVE-2009-0920", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0633", "CVE-2009-0581", "CVE-2009-0634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64170", "href": "http://plugins.openvas.org/nasl.php?oid=64170", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_744_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_744_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-744-1 (lcms)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n liblcms1 1.13-1ubuntu0.2\n\nUbuntu 7.10:\n liblcms1 1.16-5ubuntu3.2\n python-liblcms 1.16-5ubuntu3.2\n\nUbuntu 8.04 LTS:\n liblcms1 1.16-7ubuntu1.2\n python-liblcms 1.16-7ubuntu1.2\n\nUbuntu 8.10:\n liblcms1 1.16-10ubuntu0.2\n python-liblcms 1.16-10ubuntu0.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-744-1\";\n\ntag_insight = \"Chris Evans discovered that LittleCMS did not properly handle certain error\nconditions, resulting in a large memory leak. If a user or automated system\nwere tricked into processing an image with malicious ICC tags, a remote\nattacker could cause a denial of service. (CVE-2009-0581)\n\nChris Evans discovered that LittleCMS contained multiple integer overflows.\nIf a user or automated system were tricked into processing an image with\nmalicious ICC tags, a remote attacker could crash applications linked\nagainst liblcms1, leading to a denial of service, or possibly execute\narbitrary code with user privileges. (CVE-2009-0723)\n\nChris Evans discovered that LittleCMS did not properly perform bounds\nchecking, leading to a buffer overflow. If a user or automated system were\ntricked into processing an image with malicious ICC tags, a remote attacker\ncould execute arbitrary code with user privileges. (CVE-2009-0733)\";\ntag_summary = \"The remote host is missing an update to lcms\nannounced via advisory USN-744-1.\";\n\n \n\n\nif(description)\n{\n script_id(64170);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-0927\", \"CVE-2009-0207\", \"CVE-2009-0928\", \"CVE-2009-0193\", \"CVE-2009-0629\", \"CVE-2009-0626\", \"CVE-2009-0628\", \"CVE-2009-0635\", \"CVE-2009-0633\", \"CVE-2009-0634\", \"CVE-2009-0637\", \"CVE-2009-0784\", \"CVE-2009-0698\", \"CVE-2008-5239\", \"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-744-1 (lcms)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-744-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"systemtap\", ver:\"0.0.20080705-1+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:18", "description": "The remote host is missing an update to gs-gpl\nannounced via advisory USN-743-1.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Ubuntu USN-743-1 (gs-gpl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2008-5239", "CVE-2009-0921", "CVE-2009-1097", "CVE-2009-0928", "CVE-2009-0207", "CVE-2009-0626", "CVE-2009-0723", "CVE-2008-4316", "CVE-2009-0637", "CVE-2009-0629", "CVE-2009-0584", "CVE-2009-0628", "CVE-2009-0784", "CVE-2009-1100", "CVE-2009-0583", "CVE-2009-0635", "CVE-2009-0927", "CVE-2009-1098", "CVE-2009-0698", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0193", "CVE-2009-0920", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0633", "CVE-2009-0581", "CVE-2009-0634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64169", "href": "http://plugins.openvas.org/nasl.php?oid=64169", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_743_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_743_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-743-1 (gs-gpl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n gs-gpl 8.15-4ubuntu3.2\n\nUbuntu 7.10:\n libgs8 8.61.dfsg.1~svn8187-0ubuntu3.5\n\nUbuntu 8.04 LTS:\n libgs8 8.61.dfsg.1-1ubuntu3.1\n\nUbuntu 8.10:\n libgs8 8.63.dfsg.1-0ubuntu6.3\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-743-1\";\n\ntag_insight = \"It was discovered that Ghostscript contained multiple integer overflows in\nits ICC color management library. If a user or automated system were\ntricked into opening a crafted Postscript file, an attacker could cause a\ndenial of service or execute arbitrary code with privileges of the user\ninvoking the program. (CVE-2009-0583)\n\nIt was discovered that Ghostscript did not properly perform bounds checking\nin its ICC color management library. If a user or automated system were\ntricked into opening a crafted Postscript file, an attacker could cause a\ndenial of service or execute arbitrary code with privileges of the user\ninvoking the program. (CVE-2009-0584)\";\ntag_summary = \"The remote host is missing an update to gs-gpl\nannounced via advisory USN-743-1.\";\n\n \n\n\nif(description)\n{\n script_id(64169);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-0583\", \"CVE-2009-0584\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-0927\", \"CVE-2009-0207\", \"CVE-2009-0928\", \"CVE-2009-0193\", \"CVE-2009-0629\", \"CVE-2009-0626\", \"CVE-2009-0628\", \"CVE-2009-0635\", \"CVE-2009-0633\", \"CVE-2009-0634\", \"CVE-2009-0637\", \"CVE-2009-0784\", \"CVE-2009-0698\", \"CVE-2008-5239\", \"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-743-1 (gs-gpl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-743-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.15-4ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.15-4ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"systemtap\", ver:\"0.0.20080705-1+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-18T14:26:08", "description": "The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues: CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition.\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 6253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6253.NASL", "href": "https://www.tenable.com/plugins/nessus/41528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41528);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 6253)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues: CVE-2009-1100: A vulnerability in\nthe Java Runtime Environment (JRE) with storing temporary font files\nmay allow an untrusted applet or application to consume a\ndisproportionate amount of disk space resulting in a denial-of-service\ncondition.\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6253.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-demo-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-src-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:01", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-090328.NASL", "href": "https://www.tenable.com/plugins/nessus/40236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-698.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40236);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)\");\n script_summary(english:\"Check for the java-1_5_0-sun-698 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:13", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_5_0-SUN-6125.NASL", "href": "https://www.tenable.com/plugins/nessus/36070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-6125.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36070);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)\");\n script_summary(english:\"Check for the java-1_5_0-sun-6125 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:19", "description": "The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : IBM Java 5 JRE and IBM Java 5 SDK (YOU Patch Number 12422)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12422.NASL", "href": "https://www.tenable.com/plugins/nessus/41302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41302);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java 5 JRE and IBM Java 5 SDK (YOU Patch Number 12422)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with storing temporary font files may allow an untrusted\n applet or application to consume a disproportionate\n amount of disk space resulting in a denial-of-service\n condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12422.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-JRE-1.5.0-0.64\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-SDK-1.5.0-0.64\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:07", "description": "IBM Java 6 SR 5 was released fixing various bugs and critical security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing PNG images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)\n\n - A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) HTTP server implementation may allow a remote client to create a denial-of-service condition on a JAX-WS service endpoint that runs on the JRE. (CVE-2009-1101)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - The Java Plug-in allows a trusted applet to be launched on an earlier version of the Java Runtime Environment (JRE) provided the user that downloaded the applet allows it to run on the requested release. A vulnerability allows JavaScript code that is present in the same web page as the applet to exploit known vulnerabilities of the requested JRE. (CVE-2009-1105)\n\n - A vulnerability in the Java Runtime Environment with parsing crossdomain.xml files may allow an untrusted applet to connect to any site that provides a crossdomain.xml file instead of sites that allow the domain that the applet is running on. (CVE-2009-1106)\n\n - The Java Plugin displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-090629.NASL", "href": "https://www.tenable.com/plugins/nessus/41406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41406);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR 5 was released fixing various bugs and critical security\nissues :\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing PNG images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with storing temporary font files may allow an untrusted\n applet or application to consume a disproportionate\n amount of disk space resulting in a denial-of-service\n condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n HTTP server implementation may allow a remote client to\n create a denial-of-service condition on a JAX-WS service\n endpoint that runs on the JRE. (CVE-2009-1101)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - The Java Plug-in allows a trusted applet to be launched\n on an earlier version of the Java Runtime Environment\n (JRE) provided the user that downloaded the applet\n allows it to run on the requested release. A\n vulnerability allows JavaScript code that is present in\n the same web page as the applet to exploit known\n vulnerabilities of the requested JRE. (CVE-2009-1105)\n\n - A vulnerability in the Java Runtime Environment with\n parsing crossdomain.xml files may allow an untrusted\n applet to connect to any site that provides a\n crossdomain.xml file instead of sites that allow the\n domain that the applet is running on. (CVE-2009-1106)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=494536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=516361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1106.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1058.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0-124.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:30", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR9-SSU Java release. All running instances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/40745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1038. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40745);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:1038\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1038\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1038\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.5.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:23", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR5 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1198.NASL", "href": "https://www.tenable.com/plugins/nessus/40747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1198. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40747);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:1198\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1198\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1198\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.5-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.5-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:32", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_6_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/40003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40003);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)\");\n script_summary(english:\"Check for the java-1_6_0-sun-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-devel-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:35", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-090328.NASL", "href": "https://www.tenable.com/plugins/nessus/40242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40242);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)\");\n script_summary(english:\"Check for the java-1_6_0-sun-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:12", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_6_0-SUN-6128.NASL", "href": "https://www.tenable.com/plugins/nessus/36071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-6128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36071);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)\");\n script_summary(english:\"Check for the java-1_6_0-sun-6128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-src-1.6.0.u12-1.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:35", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\n - LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). (CVE-2009-1093)\n\n - Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. (CVE-2009-1094)\n\n - Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1095)\n\n - Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1096)\n\n - Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n (CVE-2009-1097)\n\n - Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier;\n and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. (CVE-2009-1098)\n\n - Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n (CVE-2009-1099)\n\n - Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n (CVE-2009-1100)\n\n - Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'. (CVE-2009-1101)\n\n - Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'. (CVE-2009-1102)\n\n - Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier;\n 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860. (CVE-2009-1103)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. (CVE-2009-1104)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. (CVE-2009-1105)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. (CVE-2009-1106)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871. (CVE-2009-1107)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/41407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41407);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\n - LdapCtx in the LDAP service in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier; 6 Update 12 and earlier; SDK and JRE\n 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not\n close the connection when initialization fails, which\n allows remote attackers to cause a denial of service\n (LDAP service hang). (CVE-2009-1093)\n\n - Unspecified vulnerability in the LDAP implementation in\n Java SE Development Kit (JDK) and Java Runtime\n Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\n and earlier; SDK and JRE 1.3.1_24 and earlier; and\n 1.4.2_19 and earlier allows remote LDAP servers to\n execute arbitrary code via unknown vectors related to\n serialized data. (CVE-2009-1094)\n\n - Integer overflow in unpack200 in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a JAR file with crafted Pack200 headers. (CVE-2009-1095)\n\n - Buffer overflow in unpack200 in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a JAR file with crafted Pack200 headers. (CVE-2009-1096)\n\n - Multiple buffer overflows in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 6 Update 12 and\n earlier allow remote attackers to access files or\n execute arbitrary code via a crafted (1) PNG image, aka\n CR 6804996, and (2) GIF image, aka CR 6804997.\n (CVE-2009-1097)\n\n - Buffer overflow in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 5.0 Update 17 and\n earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier;\n and 1.3.1_24 and earlier allows remote attackers to\n access files or execute arbitrary code via a crafted GIF\n image, aka CR 6804998. (CVE-2009-1098)\n\n - Integer signedness error in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a crafted Type1 font, which triggers a buffer overflow.\n (CVE-2009-1099)\n\n - Multiple unspecified vulnerabilities in Java SE\n Development Kit (JDK) and Java Runtime Environment (JRE)\n 5.0 Update 17 and earlier, and 6 Update 12 and earlier,\n allow remote attackers to cause a denial of service\n (disk consumption) via vectors related to temporary font\n files and (1) 'limits on Font creation,' aka CR 6522586,\n and (2) another unspecified vector, aka CR 6632886.\n (CVE-2009-1100)\n\n - Unspecified vulnerability in the lightweight HTTP server\n implementation in Java SE Development Kit (JDK) and Java\n Runtime Environment (JRE) 6 Update 12 and earlier allows\n remote attackers to cause a denial of service (probably\n resource consumption) for a JAX-WS service endpoint via\n a connection without any data, which triggers a file\n descriptor 'leak.'. (CVE-2009-1101)\n\n - Unspecified vulnerability in the Virtual Machine in Java\n SE Development Kit (JDK) and Java Runtime Environment\n (JRE) 6 Update 12 and earlier allows remote attackers to\n access files and execute arbitrary code via unknown\n vectors related to 'code generation.'. (CVE-2009-1102)\n\n - Unspecified vulnerability in the Java Plug-in in Java SE\n Development Kit (JDK) and Java Runtime Environment (JRE)\n 5.0 Update 17 and earlier; 6 Update 12 and earlier;\n 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\n remote attackers to access files and execute arbitrary\n code via unknown vectors related to 'deserializing\n applets,' aka CR 6646860. (CVE-2009-1103)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 5.0 Update 17 and\n earlier; 6 Update 12 and earlier; and 1.4.2_19 and\n earlier does not prevent JavaScript that is loaded from\n the localhost from connecting to other ports on the\n system, which allows user-assisted attackers to bypass\n intended access restrictions via LiveConnect, aka CR\n 6724331. NOTE: this vulnerability can be leveraged with\n separate cross-site scripting (XSS) vulnerabilities for\n remote attack vectors. (CVE-2009-1104)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12, 11, and 10\n allows user-assisted remote attackers to cause a trusted\n applet to run in an older JRE version, which can be used\n to exploit vulnerabilities in that older version, aka CR\n 6706490. (CVE-2009-1105)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12, 11, and 10\n does not properly parse crossdomain.xml files, which\n allows remote attackers to bypass intended access\n restrictions and connect to arbitrary sites via unknown\n vectors, aka CR 6798948. (CVE-2009-1106)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12 and earlier,\n and 5.0 Update 17 and earlier, allows remote attackers\n to trick a user into trusting a signed applet via\n unknown vectors that misrepresent the security warning\n dialog, related to a 'Swing JLabel HTML parsing\n vulnerability,' aka CR 6782871. (CVE-2009-1107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1102.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1106.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 699.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:39", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :\n\n - A denial of service vulnerability affects the JRE LDAP implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)\n\n - A privilege escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a privilege escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affected the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_254569_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64829);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(34240);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a runtime environment that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 /\n1.3.1_25. Such versions are potentially affected by the following\nsecurity issues :\n\n - A denial of service vulnerability affects the JRE LDAP\n implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP\n implementation may allow for arbitrary code to be run in\n the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow\n vulnerabilities when unpacking applets and Java Web\n Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities\n related to the storing and processing of temporary font\n files. (254608)\n\n - A privilege escalation vulnerability affects the Java\n Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded\n from the localhost to connect to arbitrary ports on the\n local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious\n JavaScript code to exploit vulnerabilities in earlier\n versions of the JRE that have been loaded by an applet\n located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing\n 'crossdomain.xml' allows an untrusted applet to connect\n to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to\n obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a\n privilege escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affected the JRE HTTP\n server implementation, which could be used to cause a\n denial of service on a JAX-WS service endpoint. (254609)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020224.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020225.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020226.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020228.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020229.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020230.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020231.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u13-142696.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18, SDK\n/ JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if necessary,\nany affected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-2])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-7])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-4]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_13 / 1.5.0_18 / 1.4.2_20 / 1.3.1_25\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:31", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0394.NASL", "href": "https://www.tenable.com/plugins/nessus/40742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0394. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40742);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:0394\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment\nand the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099,\nCVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues. All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0394\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:36", "description": "Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0392.NASL", "href": "https://www.tenable.com/plugins/nessus/40741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0392. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40741);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:0392\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment\nand the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102,\nCVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues. All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0392\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:13", "description": "This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section.\n\nAll running instances of Sun Java must be restarted for the update to take effect.\n\nNote: jdk-1.6.0_13-fcs.x86_64.rpm could not be signed. All other rpm's are signed with the usual signature.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090326_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60555);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section.\n\nAll running instances of Sun Java must be restarted for the update to\ntake effect.\n\nNote: jdk-1.6.0_13-fcs.x86_64.rpm could not be signed. All other rpm's\nare signed with the usual signature.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=467\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94b61170\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-sun-compat and / or jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"java-1.6.0-sun-compat-1.6.0.13-1.sl4.jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"jdk-1.6.0_13-fcs\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-sun-compat-1.6.0.13-1.sl5.jpp\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jdk-1.6.0_13-fcs\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:05", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :\n\n - A denial of service vulnerability affects the JRE LDAP implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)\n\n - A privilege-escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a privilege-escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affects the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)", "cvss3": {}, "published": "2009-03-27T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_254569.NASL", "href": "https://www.tenable.com/plugins/nessus/36034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36034);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(34240);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 /\n1.3.1_25. Such versions are potentially affected by the following\nsecurity issues :\n\n - A denial of service vulnerability affects the JRE LDAP\n implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP\n implementation may allow for arbitrary code to be run in\n the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow\n vulnerabilities when unpacking applets and Java Web\n Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities\n related to the storing and processing of temporary font\n files. (254608)\n\n - A privilege-escalation vulnerability affects the Java\n Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded\n from the localhost to connect to arbitrary ports on the\n local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious\n JavaScript code to exploit vulnerabilities in earlier\n versions of the JRE that have been loaded by an applet\n located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing\n 'crossdomain.xml' allows an untrusted applet to connect\n to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to\n obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a\n privilege-escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affects the JRE HTTP\n server implementation, which could be used to cause a\n denial of service on a JAX-WS service endpoint. (254609)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020224.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020225.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020226.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020228.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020229.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020230.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020231.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u13-142696.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html\");\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2825206\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18,\nSDK / JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if\nnecessary, any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-2])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-7])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-4]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_13 / 1.5.0_18 / 1.4.2_20 / 1.3.1_25\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:46", "description": "It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service.\n(CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service.\n(CVE-2009-1101)\n\nThe Java Runtime Environment did not correctly validate certain generated code. If a user were tricked into running a malicious applet a remote attacker could execute arbitrary code. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1097, CVE-2009-1098).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-748-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-748-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36366);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34240);\n script_xref(name:\"USN\", value:\"748-1\");\n\n script_name(english:\"Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that font creation could leak temporary files. If a\nuser were tricked into loading a malicious program or applet, a remote\nattacker could consume disk space, leading to a denial of service.\n(CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly\nclose files on dataless connections. A remote attacker could send\nspecially crafted requests, leading to a denial of service.\n(CVE-2009-1101)\n\nThe Java Runtime Environment did not correctly validate certain\ngenerated code. If a user were tricked into running a malicious applet\na remote attacker could execute arbitrary code. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly. A\nremote attacker could send specially crafted requests, leading to a\ndenial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A\nremote attacker could send specially crafted requests that could lead\nto arbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or\nautomated system were tricked into processing a malicious JAR file, a\nremote attacker could crash the application, leading to a denial of\nservice. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to\nmemory corruption. If a user or automated system were tricked into\nprocessing a specially crafted image, a remote attacker could crash\nthe application, leading to a denial of service. (CVE-2009-1097,\nCVE-2009-1098).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/748-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source-files\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-dbg / openjdk-6-demo / openjdk-6-doc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:54", "description": "JavaSE 5.0_x86: update 61 patch (equivalent to JDK 5.0u61), 64bit.\nDate this patch was last updated by Sun : Jan/14/14", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 118669-61", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1099", "CVE-2009-1104"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:118669", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_118669-61.NASL", "href": "https://www.tenable.com/plugins/nessus/107800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107800);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1099\", \"CVE-2009-1104\");\n\n script_name(english:\"Solaris 10 (x86) : 118669-61\");\n script_summary(english:\"Check for patch 118669-61\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118669-61\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 5.0_x86: update 61 patch (equivalent to JDK 5.0u61), 64bit.\nDate this patch was last updated by Sun : Jan/14/14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118669-61\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 118669-61 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1099\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:118669\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"118669-61\", obsoleted_by:\"\", package:\"SUNWj5dmx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"118669-61\", obsoleted_by:\"\", package:\"SUNWj5dvx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"118669-61\", obsoleted_by:\"\", package:\"SUNWj5rtx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWj5dmx / SUNWj5dvx / SUNWj5rtx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:20:04", "description": "JavaSE for business 5.0_x86: update 18 pat.\nDate this patch was last updated by Sun : Mar/23/09", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 118669-19", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1099", "CVE-2009-1104"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:118669", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_118669-19.NASL", "href": "https://www.tenable.com/plugins/nessus/107799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107799);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1099\", \"CVE-2009-1104\");\n\n script_name(english:\"Solaris 10 (x86) : 118669-19\");\n script_summary(english:\"Check for patch 118669-19\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 118669-19\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE for business 5.0_x86: update 18 pat.\nDate this patch was last updated by Sun : Mar/23/09\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/118669-19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 118669-19\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:118669\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"118669-19\", obsoleted_by:\"\", package:\"SUNWj5dmx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"118669-19\", obsoleted_by:\"\", package:\"SUNWj5dvx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"118669-19\", obsoleted_by:\"\", package:\"SUNWj5rtx\", version:\"1.5.0,REV=2005.03.04.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWj5dmx / SUNWj5dvx / SUNWj5rtx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:24", "description": "Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform.\n\n - CVE-2006-2426 Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition.\n\n - CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793\n\n Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581 ), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733 ), and a NULL pointer dereference, leading to denial of service (CVE-2009-0793 ).\n\n - CVE-2009-1093 The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition.\n\n - CVE-2009-1094 The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client.\n\n - CVE-2009-1101 The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability.\n\n - CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098\n\n Several issues in Java Web Start have been addressed.\n The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless.", "cvss3": {}, "published": "2009-04-13T00:00:00", "type": "nessus", "title": "Debian DSA-1769-1 : openjdk-6 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1769.NASL", "href": "https://www.tenable.com/plugins/nessus/36142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1769. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36142);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\");\n script_bugtraq_id(34185, 34240, 34411);\n script_xref(name:\"DSA\", value:\"1769\");\n\n script_name(english:\"Debian DSA-1769-1 : openjdk-6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.\n\n - CVE-2006-2426\n Creation of large, temporary fonts could use up\n available disk space, leading to a denial of service\n condition.\n\n - CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 /\n CVE-2009-0793\n\n Several vulnerabilities existed in the embedded\n LittleCMS library, exploitable through crafted images: a\n memory leak, resulting in a denial of service condition\n (CVE-2009-0581 ), heap-based buffer overflows,\n potentially allowing arbitrary code execution\n (CVE-2009-0723, CVE-2009-0733 ), and a NULL pointer\n dereference, leading to denial of service (CVE-2009-0793\n ).\n\n - CVE-2009-1093\n The LDAP server implementation (in com.sun.jdni.ldap)\n did not properly close sockets if an error was\n encountered, leading to a denial-of-service condition.\n\n - CVE-2009-1094\n The LDAP client implementation (in com.sun.jdni.ldap)\n allowed malicious LDAP servers to execute arbitrary code\n on the client.\n\n - CVE-2009-1101\n The HTTP server implementation (sun.net.httpserver)\n contained an unspecified denial of service\n vulnerability.\n\n - CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 /\n CVE-2009-1098\n\n Several issues in Java Web Start have been addressed.\n The Debian packages currently do not support Java Web\n Start, so these issues are not directly exploitable, but\n the relevant code has been updated nevertheless.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1769\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-dbg\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-demo\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-doc\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jdk\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jre\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-source\", reference:\"6b11-9.1+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:47", "description": "The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 9.\n\nThe remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.", "cvss3": {}, "published": "2009-07-09T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.4 Release 9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2023-05-01T00:00:00", "cpe": [], "id": "MACOSX_JAVA_REL9.NASL", "href": "https://www.tenable.com/plugins/nessus/39766", "sourceData": "#TRUSTED 7b6593f8ba36f08f5d1f33f70b8bb005cd5a73457dd82e13ab64be14a5922b77331f9fb941aeaa1c256726bc23c0de226513384b6b6ba5ef1949684d7678ff702359c136faea3838f70bbea15eb9f670a29b6a71992d62505313b6f0959f0db42e4bb9640716ce0b80ce130eb99f3508d83e1118648613aea50ad918dfd7a0f419893916dd186f9c3e8a65a2c19373880cf4c1baca9a73a7aae3b7a021ab1fda24b186e3a2f4811db1eb8a139ade87f89810d14b009d9ad86480b87705de22533425e0821172ac5a7ab5d98267af18f85da8c3f53be3b29d8257b1025dc6718a65b6434e4c95d693f865c56cb8c2e4d788ee3ec16456faa64c1c55c345835eb552ee317bde6b69d49857a097cb5ffee129281276883436b8edb2f7c96994445e5350d78dc91668dc611834d5479c9ce571d6d265284bf9c544508857753a8d8bb8ae7385125eb2391c1b0dde8f2024d4af35c393ba78594ffd162022ed258e7dbb4d6102f5843b9c8d98f7d74a29b6d6f9172a11bdf05b2c8814d5e50160dd44002996b0a931e7c9c6243362a5d4b5c955b85ab564ae88d0f476643178e08ae21110405ae75b994d3610cea52eb42aa604eeab50b72ae488b05a3e999607a5dce5dcddb0f875e5fdf94836f512a70c345b5a2af12e3cbb1e83af13bbd4112aca161e4b5e9734fe9203dd958546f61c9dc831cc962a0b0b0d8b4b84d2f0f90949\n#TRUST-RSA-SHA256 41a8dc0e10f65d079606507ce43d7b1f87d9a2f6e66264c577bfef72c6f00ffdd2f14a9ce3de290a57a23a81bb8dd1d30a2e400affa19225f90c83be7d1d859e94a6179a422a5be90e71310c715337aec816e507bafc76788f9342cfbe0b00b114c7847d45935743f55c7202c3afd11ca27c4ea73ccc46de9fac717409b872a03793b63ff76a47e51ec6d842e9788fc8d373eb4da9adbe81e16665e675dd271144e77f18dbd5610af58a815ba07bf75d499375c56dff20564d5353cccff6068c615f9bd0c7ad1871d579ca212ab207a25c05ab2c9dc7e34e72d165ae3e2c318d63fff690ca013556a3e14d7b23f4d407ef5330d68003ea3a7ec82793c576e9ce74af147270fc1aaf864dc4550c297096544128dac92d3f241db74d5cdd0892eb81fe81f43221d7bef84c0045766d1b4816bef272d438f5512f1accde1586e95b6afa9a5f32b38367038e12d532a6701f9fc2eccf283f97dd704237894992f4449d07c7ed8aa3cfb0e7b89cb7ad830e1de7665023dead0e7347685bd623757fa0cde9f22a47d314643c5493065550bb34c851af094ec1b9d86408dca5beaba2c57b2244400c6221656a1f5d8d1c435aa2075f3ac2524c564ac39d80dc5b3c3547de8576a7f8a6ab6953e996ee16d68231fe60ba8149129e582f7af80edbd7453bb7c5bd5a7b8b1bf477dc78a3de20e165eaca38201b556d6f711a51fb34b616ec\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39766);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/01\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(32892, 34240);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.4 Release 9\");\n script_summary(english:\"Check for Java Release 9 on Mac OS X 10.4\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.4 host is running a version of Java for Mac OS\nX older than release 9.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT3633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Java for Mac OS X 10.4 release 9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1096\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread_wrapper(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.4.11 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 8\\.11\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\$.*\\\$<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 11.9.0.\n if (\n ver[0] < 11 ||\n (ver[0] == 11 && ver[1] < 9)\n ) security_hole(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:57", "description": "From Red Hat Security Advisory 2009:0377 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/67831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0377 and \n# Oracle Linux Security Advisory ELSA-2009-0377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67831);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0377 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000953.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:43:41", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/43736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0377 and \n# CentOS Errata and Security Advisory 2009:0377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43736);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015734.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acd4c7e9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015735.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db5eb3c6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:05", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-04-08T00:00:00", "type": "nessus", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/36111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0377. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36111);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\&qu

openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)

Description

Related