Search...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)

2014-06-13T00:00:00
ID SUSE_11_3_JAVA-1_6_0-OPENJDK-110228.NASL
Type nessus
Reporter Tenable
Modified 2018-08-09T00:00:00

Description

Multiple vulnerabilities were fixed in java-1_6_0-openjdk :

  • CVE-2010-4448: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by untrusted applets

  • CVE-2010-4450: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect processing of empty library path entries

  • CVE-2010-4465: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security manager bypass

  • CVE-2010-4469: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap corruption

  • CVE-2010-4470: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component state manipulation

  • CVE-2010-4471: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system property leak

  • CVE-2010-4472: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to replace DSIG/C14N implementation

  • CVE-2011-0706: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update java-1_6_0-openjdk-4038.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75538);
  script_version("1.3");
  script_cvs_date("Date: 2018/08/09 13:09:35");

  script_cve_id("CVE-2010-4448", "CVE-2010-4450", "CVE-2010-4465", "CVE-2010-4469", "CVE-2010-4470", "CVE-2010-4471", "CVE-2010-4472", "CVE-2011-0706");

  script_name(english:"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)");
  script_summary(english:"Check for the java-1_6_0-openjdk-4038 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities were fixed in java-1_6_0-openjdk :

  - CVE-2010-4448: CVSS v2 Base Score: 2.6
    (AV:N/AC:H/Au:N/C:N/I:P/A:N): DNS cache poisoning by
    untrusted applets

  - CVE-2010-4450: CVSS v2 Base Score: 3.7
    (AV:L/AC:H/Au:N/C:P/I:P/A:P): Launcher incorrect
    processing of empty library path entries

  - CVE-2010-4465: CVSS v2 Base Score: 6.8
    (AV:N/AC:M/Au:N/C:P/I:P/A:P): Swing timer-based security
    manager bypass

  - CVE-2010-4469: CVSS v2 Base Score: 6.8
    (AV:N/AC:M/Au:N/C:P/I:P/A:P): Hotspot backward jsr heap
    corruption

  - CVE-2010-4470: CVSS v2 Base Score: 4.3
    (AV:N/AC:M/Au:N/C:N/I:N/A:P): JAXP untrusted component
    state manipulation

  - CVE-2010-4471: CVSS v2 Base Score: 4.3
    (AV:N/AC:M/Au:N/C:N/I:P/A:N): Java2D font-related system
    property leak

  - CVE-2010-4472: CVSS v2 Base Score: 2.6
    (AV:N/AC:H/Au:N/C:P/I:N/A:N): Untrusted code allowed to
    replace DSIG/C14N implementation

  - CVE-2011-0706: CVSS v2 Base Score: 7.5
    (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges,
    and Access Control (CWE-264)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.opensuse.org/opensuse-updates/2011-03/msg00002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=671714"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected java-1_6_0-openjdk packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"java-1_6_0-openjdk-1.6.0.0_b20.1.9.7-1.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b20.1.9.7-1.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b20.1.9.7-1.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"java-1_6_0-openjdk-javadoc-1.6.0.0_b20.1.9.7-1.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"java-1_6_0-openjdk-plugin-1.6.0.0_b20.1.9.7-1.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"java-1_6_0-openjdk-src-1.6.0.0_b20.1.9.7-1.2.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-openjdk");
}
JSON Vulners Source
Initial Source


All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018
Protected by