Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2022 Tenable Network Security, Inc.SUSE_11_JAVA-1_6_0-SUN-100331.NASL
HistoryDec 02, 2010 - 12:00 a.m.

SuSE 11 Security Update : Sun Java 6 (SAT Patch Number 2225)

2010-12-0200:00:00
This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.
www.tenable.com
13
JSON

Sun Java 6 was updated to Update 19, fixing a large number of security issues: CVE-2009-3555 / CVE-2010-0082 / CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0090 / CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0093 / CVE-2010-0094 / CVE-2010-0095 / CVE-2010-0837 / CVE-2010-0838 / CVE-2010-0839 / CVE-2010-0840 / CVE-2010-0841 / CVE-2010-0842 / CVE-2010-0843 / CVE-2010-0844 / CVE-2010-0845 / CVE-2010-0846 / CVE-2010-0847 / CVE-2010-0848 / CVE-2010-0849 / CVE-2010-0850.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50917);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id(
    "CVE-2009-3555",
    "CVE-2010-0082",
    "CVE-2010-0084",
    "CVE-2010-0085",
    "CVE-2010-0087",
    "CVE-2010-0088",
    "CVE-2010-0089",
    "CVE-2010-0090",
    "CVE-2010-0091",
    "CVE-2010-0092",
    "CVE-2010-0093",
    "CVE-2010-0094",
    "CVE-2010-0095",
    "CVE-2010-0837",
    "CVE-2010-0838",
    "CVE-2010-0839",
    "CVE-2010-0840",
    "CVE-2010-0841",
    "CVE-2010-0842",
    "CVE-2010-0843",
    "CVE-2010-0844",
    "CVE-2010-0845",
    "CVE-2010-0846",
    "CVE-2010-0847",
    "CVE-2010-0848",
    "CVE-2010-0849",
    "CVE-2010-0850"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"SuSE 11 Security Update : Sun Java 6 (SAT Patch Number 2225)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 11 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Sun Java 6 was updated to Update 19, fixing a large number of security
issues: CVE-2009-3555 / CVE-2010-0082 / CVE-2010-0084 / CVE-2010-0085
/ CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0090 /
CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0093 / CVE-2010-0094 /
CVE-2010-0095 / CVE-2010-0837 / CVE-2010-0838 / CVE-2010-0839 /
CVE-2010-0840 / CVE-2010-0841 / CVE-2010-0842 / CVE-2010-0843 /
CVE-2010-0844 / CVE-2010-0845 / CVE-2010-0846 / CVE-2010-0847 /
CVE-2010-0848 / CVE-2010-0849 / CVE-2010-0850.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=578877");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=592589");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3555.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0082.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0084.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0085.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0087.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0088.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0089.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0090.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0091.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0092.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0093.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0094.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0095.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0837.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0838.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0839.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0840.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0841.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0842.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0843.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0844.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0845.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0846.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0847.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0848.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0849.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0850.html");
  script_set_attribute(attribute:"solution", value:
"Apply SAT patch number 2225.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_cwe_id(310);

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");


flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"java-1_6_0-sun-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"java-1_6_0-sun-alsa-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"java-1_6_0-sun-demo-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"java-1_6_0-sun-jdbc-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"java-1_6_0-sun-plugin-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"java-1_6_0-sun-src-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"java-1_6_0-sun-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"java-1_6_0-sun-alsa-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"java-1_6_0-sun-demo-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"java-1_6_0-sun-jdbc-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"java-1_6_0-sun-plugin-1.6.0.u19-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"java-1_6_0-sun-src-1.6.0.u19-0.1.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src
novellsuse_linux11cpe:/o:novell:suse_linux:11

References

Related

openvas 28
nessus 37
redhat 9
suse 2
fedora 3
gentoo 1
oraclelinux 1
ubuntu 1
securityvulns 11
centos 1
prion 21
ubuntucve 21
cve 19
checkpoint_advisories 3
oracle 1
veracode 17
zdi 5
saint 9
packetstorm 2
cert 1
symantec 1
canvas 1
metasploit 2
seebug 2
openvas
openvas
Oracle Java SE Multiple Vulnerabilities (Windows)
2010-04-07 00:00:00
Oracle Java SE Multiple Vulnerabilities - Windows
2010-04-07 00:00:00
HP-UX Update for Java HPSBUX02524
2010-06-07 00:00:00
nessus
nessus
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)
2010-04-09 00:00:00
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)
2010-04-09 00:00:00
SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077)
2010-10-11 00:00:00
redhat
redhat
(RHSA-2010:0338) Critical: java-1.5.0-sun security update
2010-03-31 00:00:00
(RHSA-2010:0337) Critical: java-1.6.0-sun security update
2010-03-31 00:00:00
(RHSA-2010:0471) Low: Red Hat Network Satellite Server IBM Java Runtime security update
2010-06-14 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
fedora
fedora
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2010-04-08 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-04-07 00:00:00
securityvulns
securityvulns
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
[USN-923-1] OpenJDK vulnerabilities
2010-04-07 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager &#40;SIM&#41; for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
centos
centos
java security update
2010-06-12 15:56:24
prion
prion
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
ubuntucve
ubuntucve
CVE-2010-0088
2010-04-01 00:00:00
CVE-2010-0084
2010-04-01 00:00:00
CVE-2010-0095
2010-04-01 00:00:00
cve
cve
CVE-2010-0088
2010-04-01 16:30:00
CVE-2010-0085
2010-04-01 16:30:00
CVE-2010-0084
2010-04-01 16:30:00
checkpoint_advisories
checkpoint_advisories
Java Signed Applet (CVE-2008-5353; CVE-2010-0094; CVE-2010-0840)
2011-11-01 00:00:00
Oracle Java SE MixerSequencer Object GM_Song Remote Code Execution (CVE-2010-0842)
2017-10-03 00:00:00
Oracle Java Soundbank Resource Name Stack Buffer Overflow (CVE-2010-0839)
2010-05-26 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:45:50
Privilege Escalation
2020-04-10 00:45:50
Privilege Escalation
2020-04-10 00:45:50
zdi
zdi
Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability
2010-04-05 00:00:00
Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
2010-04-05 00:00:00
Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability
2010-04-05 00:00:00
saint
saint
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
packetstorm
packetstorm
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2010-09-09 00:00:00
Java MixerSequencer Object GM_Song Structure Handling
2012-02-17 00:00:00
cert
cert
Oracle Sun Java fails to properly validate Java applet signatures
2010-04-02 00:00:00
symantec
symantec
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
2010-03-30 00:00:00
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE2
2010-04-01 16:30:00
metasploit
metasploit
Java RMIConnectionImpl Deserialization Privilege Escalation
2010-09-08 08:20:55
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
2012-02-15 22:32:31
seebug
seebug
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
2014-07-01 00:00:00
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
2014-07-01 00:00:00
JSON
Related for SUSE_11_JAVA-1_6_0-SUN-100331.NASL
openvas28nessus37redhat9suse2fedora3gentoo1oraclelinux1ubuntu1securityvulns11centos1prion21ubuntucve21cve19checkpoint_advisories3oracle1veracode17zdi5saint9packetstorm2cert1symantec1canvas1metasploit2seebug2