Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_JAVA-1_4_2-IBM-7106.NASL
HistoryOct 11, 2010 - 12:00 a.m.

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7106)

2010-10-1100:00:00
This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(49862);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id(
    "CVE-2010-0084",
    "CVE-2010-0085",
    "CVE-2010-0087",
    "CVE-2010-0088",
    "CVE-2010-0089",
    "CVE-2010-0091",
    "CVE-2010-0095",
    "CVE-2010-0839",
    "CVE-2010-0840",
    "CVE-2010-0841",
    "CVE-2010-0842",
    "CVE-2010-0843",
    "CVE-2010-0844",
    "CVE-2010-0846",
    "CVE-2010-0847",
    "CVE-2010-0848",
    "CVE-2010-0849"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7106)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 10 host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0084.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0085.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0087.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0088.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0089.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0091.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0095.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0839.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0840.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0841.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0842.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0843.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0844.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0846.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0847.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0848.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0849.html");
  script_set_attribute(attribute:"solution", value:
"Apply ZYPP patch number 7106.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_4_2-ibm-1.4.2_sr13.5-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_4_2-ibm-devel-1.4.2_sr13.5-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"i586", reference:"java-1_4_2-ibm-jdbc-1.4.2_sr13.5-0.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"i586", reference:"java-1_4_2-ibm-plugin-1.4.2_sr13.5-0.4.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 36
redhat 9
suse 2
openvas 27
gentoo 1
securityvulns 12
fedora 3
oraclelinux 1
ubuntu 1
centos 1
ubuntucve 18
prion 18
cve 18
veracode 17
cert 1
zdi 8
checkpoint_advisories 2
saint 8
attackerkb 1
canvas 1
packetstorm 2
seebug 2
metasploit 2
thn 3
cisa_kev 1
exploitdb 2
oracle 1
threatpost 1
nessus
nessus
SuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)
2010-12-02 00:00:00
SuSE9 Security Update : IBM Java (YOU Patch Number 12626)
2010-09-03 00:00:00
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0574)
2010-07-30 00:00:00
redhat
redhat
(RHSA-2010:0574) Critical: java-1.4.2-ibm security update
2010-07-29 00:00:00
(RHSA-2010:0586) Moderate: java-1.4.2-ibm-sap security update
2010-08-02 00:00:00
(RHSA-2010:0489) Critical: java-1.5.0-ibm security update
2010-06-17 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm
2010-07-06 17:26:45
remote code execution in java-1_6_0-ibm
2010-07-01 17:43:53
openvas
openvas
HP-UX Update for Java HPSBUX02524
2010-06-07 00:00:00
HP-UX Update for Java HPSBUX02524
2010-06-07 00:00:00
Oracle Java SE Multiple Vulnerabilities (Windows)
2010-04-07 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2010-06-04 00:00:00
securityvulns
securityvulns
Oracle Sun Java multiple security vulnerabilities
2010-04-07 00:00:00
[USN-923-1] OpenJDK vulnerabilities
2010-04-07 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager &#40;SIM&#41; for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
2010-04-09 01:28:22
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-34.b17.fc11
2010-04-09 01:32:00
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-37.b17.fc13
2010-04-09 21:05:39
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2010-04-08 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2010-04-07 00:00:00
centos
centos
java security update
2010-06-12 15:56:24
ubuntucve
ubuntucve
CVE-2010-0088
2010-04-01 00:00:00
CVE-2010-0084
2010-04-01 00:00:00
CVE-2010-0085
2010-04-01 00:00:00
prion
prion
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
Design/Logic Flaw
2010-04-01 16:30:00
cve
cve
CVE-2010-0084
2010-04-01 16:30:00
CVE-2010-0091
2010-04-01 16:30:00
CVE-2010-0088
2010-04-01 16:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:45:50
Privilege Escalation
2020-04-10 00:45:50
Privilege Escalation
2020-04-10 00:45:50
cert
cert
Oracle Sun Java fails to properly validate Java applet signatures
2010-04-02 00:00:00
zdi
zdi
Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
2010-04-05 00:00:00
Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability
2010-04-05 00:00:00
Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability
2010-04-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java SE MixerSequencer Object GM_Song Remote Code Execution (CVE-2010-0842)
2017-10-03 00:00:00
Oracle Java Soundbank Resource Name Stack Buffer Overflow (CVE-2010-0839)
2010-05-26 00:00:00
saint
saint
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow
2010-04-22 00:00:00
Java Runtime Environment MixerSequence Function Pointer Control
2012-02-28 00:00:00
attackerkb
attackerkb
CVE-2010-0840
2010-04-01 00:00:00
canvas
canvas
Immunity Canvas: JAVA_METHOD_CHAIN
2010-04-01 16:30:00
packetstorm
packetstorm
Java MixerSequencer Object GM_Song Structure Handling
2012-02-17 00:00:00
Java Statement.invoke() Trusted Method Chain Exploit
2010-08-24 00:00:00
seebug
seebug
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
2014-07-01 00:00:00
Java Statement.invoke() Trusted Method Chain Exploit
2014-07-01 00:00:00
metasploit
metasploit
Java MixerSequencer Object GM_Song Structure Handling Vulnerability
2012-02-15 22:32:31
Java Statement.invoke() Trusted Method Chain Privilege Escalation
2010-08-21 06:38:29
thn
thn
Phoenix exploit kit 2.5 leaked, Download Now !
2011-04-15 07:47:00
Crimepack 3.1.3 Exploit kit Leaked, available for Download !
2011-05-15 00:56:00
Researchers caught espionage malware mastermind on webcam
2012-10-30 20:02:00
cisa_kev
cisa_kev
Oracle JRE Unspecified Vulnerability
2022-05-25 00:00:00
exploitdb
exploitdb
Java MixerSequencer Object - GM_Song Structure Handling (Metasploit)
2012-02-16 00:00:00
Java - &#039;Statement.invoke()&#039; Trusted Method Chain (Metasploit)
2010-12-15 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00
threatpost
threatpost
Java Still a Favorite Target of Attackers
2011-11-30 19:39:18
JSON
Related for SUSE_JAVA-1_4_2-IBM-7106.NASL
nessus36redhat9suse2openvas27gentoo1securityvulns12fedora3oraclelinux1ubuntu1centos1ubuntucve18prion18cve18veracode17cert1zdi8checkpoint_advisories2saint8attackerkb1canvas1packetstorm2seebug2metasploit2thn3cisa_kev1exploitdb2oracle1threatpost1