This update to icedtea-2.4.1 fixes various security issues :
S6741606, CVE-2013-2407: Integrate Apache Santuario
S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls
S7170730, CVE-2013-2451: Improve Windows network stack support.
S8000638, CVE-2013-2450: Improve deserialization
S8000642, CVE-2013-2446: Better handling of objects for transportation
S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers
S8001034, CVE-2013-1500: Memory management improvements
S8001038, CVE-2013-2444: Resourcefully handle resources
S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost
S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only)
S8003703, CVE-2013-2412: Update RMI connection dialog box
S8004288, CVE-2013-2449: (fs) Files.probeContentType problems
S8006328, CVE-2013-2448: Improve robustness of sound classes
S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes
S8008120, CVE-2013-2457: Improve JMX class checking
S8008124, CVE-2013-2453: Better compliance testing
S8008132, CVE-2013-2456: Better serialization support
S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606
S8009057, CVE-2013-2448: Improve MIDI event handling
S8009071, CVE-2013-2459: Improve shape handling
S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change
S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields
S8010209, CVE-2013-2460: Better provision of factories
S8011243, CVE-2013-2470: Improve ImagingLib
S8011248, CVE-2013-2471: Better Component Rasters
S8011253, CVE-2013-2472: Better Short Component Rasters
S8011257, CVE-2013-2473: Better Byte Component Rasters
S8012375, CVE-2013-1571: Improve Javadoc framing
S8012438, CVE-2013-2463: Better image validation
S8012597, CVE-2013-2465: Better image channel verification
S8012601, CVE-2013-2469: Better validation of image layouts
S8014281, CVE-2013-2461: Better checking of XML signature
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(69071);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/29");
script_cve_id(
"CVE-2013-1500",
"CVE-2013-1571",
"CVE-2013-2407",
"CVE-2013-2412",
"CVE-2013-2443",
"CVE-2013-2444",
"CVE-2013-2445",
"CVE-2013-2446",
"CVE-2013-2447",
"CVE-2013-2448",
"CVE-2013-2449",
"CVE-2013-2450",
"CVE-2013-2451",
"CVE-2013-2452",
"CVE-2013-2453",
"CVE-2013-2454",
"CVE-2013-2455",
"CVE-2013-2456",
"CVE-2013-2457",
"CVE-2013-2458",
"CVE-2013-2459",
"CVE-2013-2460",
"CVE-2013-2461",
"CVE-2013-2463",
"CVE-2013-2465",
"CVE-2013-2469",
"CVE-2013-2470",
"CVE-2013-2471",
"CVE-2013-2472",
"CVE-2013-2473"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/18");
script_name(english:"SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 8090)");
script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 11 host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update to icedtea-2.4.1 fixes various security issues :
- S6741606, CVE-2013-2407: Integrate Apache Santuario
- S7158805, CVE-2013-2445: Better rewriting of nested
subroutine calls
- S7170730, CVE-2013-2451: Improve Windows network stack
support.
- S8000638, CVE-2013-2450: Improve deserialization
- S8000642, CVE-2013-2446: Better handling of objects for
transportation
- S8001033, CVE-2013-2452: Refactor network address
handling in virtual machine identifiers
- S8001034, CVE-2013-1500: Memory management improvements
- S8001038, CVE-2013-2444: Resourcefully handle resources
- S8001318, CVE-2013-2447: Socket.getLocalAddress not
consistent with InetAddress.getLocalHost
- S8001330, CVE-2013-2443: Improve on checking order
(non-Zero builds only)
- S8003703, CVE-2013-2412: Update RMI connection dialog
box
- S8004288, CVE-2013-2449: (fs) Files.probeContentType
problems
- S8006328, CVE-2013-2448: Improve robustness of sound
classes
- S8007812, CVE-2013-2455: (reflect)
Class.getEnclosingMethod problematic for some classes
- S8008120, CVE-2013-2457: Improve JMX class checking
- S8008124, CVE-2013-2453: Better compliance testing
- S8008132, CVE-2013-2456: Better serialization support
- S8008744, CVE-2013-2407: Rework part of fix for
JDK-6741606
- S8009057, CVE-2013-2448: Improve MIDI event handling
- S8009071, CVE-2013-2459: Improve shape handling
- S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292
implementation change
- S8009554, CVE-2013-2454: Improve
SerialJavaObject.getFields
- S8010209, CVE-2013-2460: Better provision of factories
- S8011243, CVE-2013-2470: Improve ImagingLib
- S8011248, CVE-2013-2471: Better Component Rasters
- S8011253, CVE-2013-2472: Better Short Component Rasters
- S8011257, CVE-2013-2473: Better Byte Component Rasters
- S8012375, CVE-2013-1571: Improve Javadoc framing
- S8012438, CVE-2013-2463: Better image validation
- S8012597, CVE-2013-2465: Better image channel
verification
- S8012601, CVE-2013-2469: Better validation of image
layouts
- S8014281, CVE-2013-2461: Better checking of XML
signature");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828665");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1500.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1571.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2407.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2412.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2443.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2444.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2445.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2446.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2447.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2448.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2449.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2450.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2451.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2452.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2453.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2454.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2455.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2456.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2457.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2458.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2459.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2460.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2461.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2463.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2465.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2469.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2470.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2471.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2472.html");
script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2473.html");
script_set_attribute(attribute:"solution", value:
"Apply SAT patch number 8090.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2013/07/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"java-1_7_0-openjdk-1.7.0.6-0.19.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"java-1_7_0-openjdk-demo-1.7.0.6-0.19.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"java-1_7_0-openjdk-devel-1.7.0.6-0.19.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.6-0.19.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.6-0.19.2")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.6-0.19.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-demo |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:java-1_7_0-openjdk-devel |
novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
support.novell.com/security/cve/CVE-2013-1500.html
support.novell.com/security/cve/CVE-2013-1571.html
support.novell.com/security/cve/CVE-2013-2407.html
support.novell.com/security/cve/CVE-2013-2412.html
support.novell.com/security/cve/CVE-2013-2443.html
support.novell.com/security/cve/CVE-2013-2444.html
support.novell.com/security/cve/CVE-2013-2445.html
support.novell.com/security/cve/CVE-2013-2446.html
support.novell.com/security/cve/CVE-2013-2447.html
support.novell.com/security/cve/CVE-2013-2448.html
support.novell.com/security/cve/CVE-2013-2449.html
support.novell.com/security/cve/CVE-2013-2450.html
support.novell.com/security/cve/CVE-2013-2451.html
support.novell.com/security/cve/CVE-2013-2452.html
support.novell.com/security/cve/CVE-2013-2453.html
support.novell.com/security/cve/CVE-2013-2454.html
support.novell.com/security/cve/CVE-2013-2455.html
support.novell.com/security/cve/CVE-2013-2456.html
support.novell.com/security/cve/CVE-2013-2457.html
support.novell.com/security/cve/CVE-2013-2458.html
support.novell.com/security/cve/CVE-2013-2459.html
support.novell.com/security/cve/CVE-2013-2460.html
support.novell.com/security/cve/CVE-2013-2461.html
support.novell.com/security/cve/CVE-2013-2463.html
support.novell.com/security/cve/CVE-2013-2465.html
support.novell.com/security/cve/CVE-2013-2469.html
support.novell.com/security/cve/CVE-2013-2470.html
support.novell.com/security/cve/CVE-2013-2471.html
support.novell.com/security/cve/CVE-2013-2472.html
support.novell.com/security/cve/CVE-2013-2473.html
bugzilla.novell.com/show_bug.cgi?id=828665