Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_11_1_JAVA-1_6_0-OPENJDK-090303.NASL
HistoryJul 21, 2009 - 12:00 a.m.

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)

2009-07-2100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
84
JSON

OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues.

It fixes at least: 4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA public keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP sockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal to the ‘package.access’ property in $JAVA_HOME/lib/security/java.security CVE-2008-5347 aka SUN SOLVE 246366 6721753 File.createTempFile produces guessable file names CVE-2008-5360 6726779 ConvolveOp on USHORT raster can cause the JVM crash. CVE-2008-5359 aka SUN SOLVE 244987 6733336 Crash on malformed font CVE-2008-5356 aka SUN SOLVE 244987 6733959 Insufficient checks for ‘Main-Class’ manifest entry in JAR files CVE-2008-5354 aka SUN SOLVE 244990 6734167 Calendar.readObject allows elevation of privileges CVE-2008-5353 6751322 Vulnerability report: Sun Java JRE TrueType Font Parsing Heap Overflow CVE-2008-5357 aka SUN SOLVE 244987 6755943 Java JAR Pack200 Decompression should enforce stricter header checks CVE-2008-5352 aka SUN SOLVE 244992 6766136 corrupted gif image may cause crash in java splashscreen library. CVE-2008-5358 aka SUN SOLVE 244987

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update java-1_6_0-openjdk-578.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40238);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360");

  script_name(english:"openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)");
  script_summary(english:"Check for the java-1_6_0-openjdk-578 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of
security issues.

It fixes at least: 4486841 UTF8 decoder should adhere to corrigendum
to Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory
info CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA
public keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP
sockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal
to the 'package.access' property in
$JAVA_HOME/lib/security/java.security CVE-2008-5347 aka SUN SOLVE
246366 6721753 File.createTempFile produces guessable file names
CVE-2008-5360 6726779 ConvolveOp on USHORT raster can cause the JVM
crash. CVE-2008-5359 aka SUN SOLVE 244987 6733336 Crash on malformed
font CVE-2008-5356 aka SUN SOLVE 244987 6733959 Insufficient checks
for 'Main-Class' manifest entry in JAR files CVE-2008-5354 aka SUN
SOLVE 244990 6734167 Calendar.readObject allows elevation of
privileges CVE-2008-5353 6751322 Vulnerability report: Sun Java JRE
TrueType Font Parsing Heap Overflow CVE-2008-5357 aka SUN SOLVE 244987
6755943 Java JAR Pack200 Decompression should enforce stricter header
checks CVE-2008-5352 aka SUN SOLVE 244992 6766136 corrupted gif image
may cause crash in java splashscreen library. CVE-2008-5358 aka SUN
SOLVE 244987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=471829"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected java-1_6_0-openjdk packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189, 200, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-1.4_b14-24.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-demo-1.4_b14-24.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-devel-1.4_b14-24.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-javadoc-1.4_b14-24.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-plugin-1.4_b14-24.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-src-1.4_b14-24.2.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-openjdk");
}
VendorProductVersionCPE
novellopensusejava-1_6_0-openjdkp-cpe:/a:novell:opensuse:java-1_6_0-openjdk
novellopensusejava-1_6_0-openjdk-demop-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo
novellopensusejava-1_6_0-openjdk-develp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel
novellopensusejava-1_6_0-openjdk-javadocp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc
novellopensusejava-1_6_0-openjdk-pluginp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin
novellopensusejava-1_6_0-openjdk-srcp-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src
novellopensuse11.1cpe:/o:novell:opensuse:11.1

Related

openvas 57
fedora 2
nessus 38
securityvulns 2
ubuntu 1
redhat 9
seebug 7
suse 3
vmware 2
prion 13
cve 13
zdi 1
ubuntucve 13
saint 4
canvas 2
packetstorm 2
checkpoint_advisories 4
exploitpack 2
symantec 1
metasploit 1
threatpost 3
oracle 1
exploitdb 4
gentoo 1
ibm 1
openvas
openvas
Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860
2009-02-16 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860
2009-02-16 00:00:00
Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913
2009-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
2008-12-07 04:33:22
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9
2008-12-07 04:27:51
nessus
nessus
Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)
2009-04-23 00:00:00
Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)
2009-04-23 00:00:00
Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)
2008-12-08 00:00:00
securityvulns
securityvulns
[USN-713-1] openjdk-6 vulnerabilities
2009-01-31 00:00:00
Sun Java JRE / JDK / Web Start multiple security vulnerabilities
2009-04-23 00:00:00
ubuntu
ubuntu
openjdk-6 vulnerabilities
2009-01-27 00:00:00
redhat
redhat
(RHSA-2009:0466) Low: java-1.5.0-ibm security update
2009-05-07 00:00:00
(RHSA-2008:1018) Critical: java-1.6.0-sun security update
2008-12-04 00:00:00
(RHSA-2009:0015) Critical: java-1.6.0-ibm security update
2009-01-13 00:00:00
seebug
seebug
Sun Java JDK/JRE安全更新修复多个漏洞
2008-12-09 00:00:00
Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
2014-07-01 00:00:00
Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserialization Exploit
2008-12-03 00:00:00
suse
suse
remote code execution in Sun Java
2009-01-09 15:49:38
remote code execution in IBM Java 1.4.2 and 6
2009-04-07 14:51:07
local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm
2009-01-29 14:08:00
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
prion
prion
Design/Logic Flaw
2008-12-05 11:30:00
Authentication flaw
2008-12-05 11:30:00
Memory corruption
2008-12-05 11:30:00
cve
cve
CVE-2008-5347
2008-12-05 11:30:00
CVE-2008-5359
2008-12-05 11:30:00
CVE-2008-5349
2008-12-05 11:30:00
zdi
zdi
Sun Java AWT Library Sandbox Violation Vulnerability
2008-12-04 00:00:00
ubuntucve
ubuntucve
CVE-2008-5349
2008-12-05 00:00:00
CVE-2008-5347
2008-12-05 00:00:00
CVE-2008-5358
2008-12-05 00:00:00
saint
saint
Java Runtime Environment JAR manifest Main Class buffer overflow
2009-02-26 00:00:00
Java Runtime Environment JAR manifest Main Class buffer overflow
2009-02-26 00:00:00
Java Runtime Environment JAR manifest Main Class buffer overflow
2009-02-26 00:00:00
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE
2008-12-05 06:30:00
Immunity Canvas: JAVA_DESERIALIZE_WIN32
2008-12-05 11:30:00
packetstorm
packetstorm
Sun Java Calendar Deserialization
2009-10-27 00:00:00
Signed Applet Social Engineering Code Exec
2010-02-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)
2010-06-23 00:00:00
Sun Java Runtime Environment JAR File Processing Stack Buffer Overflow (CVE-2008-5354)
2010-07-13 00:00:00
Sun Java Runtime Environment Pack200 Decompression Integer Overflow (CVE-2008-5352; CVE-2009-1095)
2010-08-03 00:00:00
exploitpack
exploitpack
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
symantec
symantec
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
2008-12-03 00:00:00
metasploit
metasploit
Sun Java Calendar Deserialization Privilege Escalation
2009-12-15 20:37:15
threatpost
threatpost
Serious Mac OS X Java vulnerability disclosed
2009-05-20 17:37:46
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream
2012-08-30 02:03:14
Java Still a Favorite Target of Attackers
2011-11-30 19:39:18
oracle
oracle
cpuapr2009.html
2009-04-14 00:00:00
exploitdb
exploitdb
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
Signed Applet Social Engineering - Code Execution (Metasploit)
2011-01-08 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for SUSE_11_1_JAVA-1_6_0-OPENJDK-090303.NASL
openvas57fedora2nessus38securityvulns2ubuntu1redhat9seebug7suse3vmware2prion13cve13zdi1ubuntucve13saint4canvas2packetstorm2checkpoint_advisories4exploitpack2symantec1metasploit1threatpost3oracle1exploitdb4gentoo1ibm1