Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_JAVA-1_6_0-IBM-7369.NASL
HistoryMar 22, 2011 - 12:00 a.m.

SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)

2011-03-2200:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float number handling :

  • The Java Runtime Environment hangs forever when converting ‘2.2250738585072012e-308’ to a binary floating-point number. (CVE-2010-4476)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(52752);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2010-4422", "CVE-2010-4447", "CVE-2010-4448", "CVE-2010-4452", "CVE-2010-4454", "CVE-2010-4462", "CVE-2010-4463", "CVE-2010-4465", "CVE-2010-4467", "CVE-2010-4468", "CVE-2010-4471", "CVE-2010-4473", "CVE-2010-4475", "CVE-2010-4476");

  script_name(english:"SuSE 10 Security Update : java-1_6_0-ibm, java-1_6_0-ibm-32bit, java-1_6_0-ibm-64bit, java-1_6_0-ibm-alsa, java-1_6_0-ibm-alsa-32bit, java-1_6_0-ibm-demo, java-1_6_0-ibm-devel, java-1_6_0-ibm-devel-32bit, java-1_6_0-ibm-fonts, java-1_6_0-ibm-jdbc, java-1_6_0-ibm-jdbc-32bit, java-1_6_0-ibm-jdbc-64bit, java-1_6_0-ibm-plugin, java-1_6_0-ibm-plugin-32bit, java-1_6_0-ibm-src (ZYPP Patch Number 7369)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"IBM Java 6 SR9 FP1 was updated to fix a critical security bug in float
number handling :

  - The Java Runtime Environment hangs forever when
    converting '2.2250738585072012e-308' to a binary
    floating-point number. (CVE-2010-4476)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4422.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4447.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4448.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4452.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4454.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4462.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4463.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4465.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4467.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4468.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4471.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4473.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4475.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4476.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7369.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Applet2ClassLoader Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_6_0-ibm-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_6_0-ibm-devel-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_6_0-ibm-fonts-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_6_0-ibm-jdbc-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"java-1_6_0-ibm-plugin-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"i586", reference:"java-1_6_0-ibm-alsa-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"java-1_6_0-ibm-32bit-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"java-1_6_0-ibm-alsa-32bit-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"java-1_6_0-ibm-devel-32bit-1.6.0_sr9.1-1.5.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-32bit-1.6.0_sr9.1-1.5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 39
redhat 15
openvas 44
suse 4
securityvulns 5
prion 14
ubuntucve 14
cve 14
ubuntu 3
fedora 2
veracode 14
zdi 4
saint 4
canvas 1
checkpoint_advisories 2
seebug 3
d2 1
packetstorm 1
threatpost 2
metasploit 1
osv 2
debian 1
checkpoint_security 1
f5 1
oraclelinux 1
jvn 2
github 1
centos 1
cisa 1
ibm 1
nessus
nessus
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4109)
2011-03-22 00:00:00
RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0357)
2011-03-17 00:00:00
Mac OS X : Java for Mac OS X 10.6 Update 4
2011-03-09 00:00:00
redhat
redhat
(RHSA-2011:0357) Critical: java-1.6.0-ibm security update
2011-03-16 00:00:00
(RHSA-2011:0364) Critical: java-1.5.0-ibm security update
2011-03-17 00:00:00
(RHSA-2011:0282) Critical: java-1.6.0-sun security update
2011-02-17 00:00:00
openvas
openvas
HP-UX Update for Java HPSBUX02685
2011-06-06 00:00:00
Java for Mac OS X 10.6 Update 4
2011-08-29 00:00:00
SuSE Update for java-1_6_0-sun SUSE-SA:2011:010
2011-02-28 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
remote code execution in java-1_4_2-ibm
2011-05-13 13:10:27
remote code execution in java-1_6_0-sun
2011-02-22 14:41:11
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities / OpenJDK
2011-02-17 00:00:00
ZDI-11-085: Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
2011-02-17 00:00:00
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-17 00:00:00
prion
prion
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
Design/Logic Flaw
2011-02-17 19:00:00
ubuntucve
ubuntucve
CVE-2010-4454
2011-02-17 00:00:00
CVE-2010-4473
2011-02-17 00:00:00
CVE-2010-4462
2011-02-17 00:00:00
cve
cve
CVE-2010-4454
2011-02-17 19:00:00
CVE-2010-4462
2011-02-17 19:00:00
CVE-2010-4473
2011-02-17 19:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2011-03-17 00:00:00
OpenJDK 6 vulnerabilities
2011-03-01 00:00:00
OpenJDK 6 vulnerabilities
2011-03-15 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.7.fc14
2011-02-16 19:20:33
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.7.fc13
2011-02-16 19:17:23
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:57:56
Denial Of Service (DoS)
2020-04-10 00:57:57
Unspecified Vulnerability
2020-04-10 00:57:55
zdi
zdi
Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
2011-02-15 00:00:00
Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
2011-02-15 00:00:00
Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability
2011-02-15 00:00:00
saint
saint
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
Oracle Java Applet2ClassLoader Vulnerability
2011-05-05 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_4452
2011-02-17 19:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java XGetSamplePtrFromSnd Memory Corruption (CVE-2010-4462)
2011-06-28 00:00:00
Oracle Java Applet2ClassLoader Remote Code Execution (CVE-2010-4452)
2011-05-31 00:00:00
seebug
seebug
Sun Java Applet2ClassLoader - Remote Code Execution Exploit
2014-07-01 00:00:00
Oracle Java Applet剪贴板注入远程代码执行漏洞
2011-12-01 00:00:00
IBM WebSphere Application Server未验证访问漏洞
2011-04-02 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_CLASSLOADER
2011-02-17 19:00:00
packetstorm
packetstorm
Sun Java Applet2ClassLoader Remote Code Execution Exploit
2011-03-16 00:00:00
threatpost
threatpost
The Tale of One Thousand and One DSL Modems
2012-10-02 14:51:59
Major DNS Cache Poisoning Attack Hits Brazilian ISPs
2011-11-07 12:44:36
metasploit
metasploit
Sun Java Applet2ClassLoader Remote Code Execution
2011-03-16 04:50:25
osv
osv
openjdk-6 - several
2011-04-20 00:00:00
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
2022-05-14 02:16:07
debian
debian
[SECURITY] [DSA 2224-1] openjdk-6 security update
2011-04-20 20:19:48
checkpoint_security
checkpoint_security
Check Point's response to Oracle Java Floating-Point Value Denial of Service Vulnerability (CVE-2010-4476)
2011-02-14 22:00:00
f5
f5
K12826 : Java Runtime Environment (JRE) vulnerability: CVE-2010-4476
2013-09-11 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-02-11 00:00:00
jvn
jvn
JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)
2011-03-04 00:00:00
JVN#26301278: IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
2011-03-04 00:00:00
github
github
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
2022-05-14 02:16:07
centos
centos
java security update
2011-04-14 14:31:40
cisa
cisa
Oracle Releases Security Alert for Java Runtime Environment
2011-02-10 00:00:00
ibm
ibm
Security Bulletin: Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)
2020-09-10 15:43:59
JSON
Related for SUSE_JAVA-1_6_0-IBM-7369.NASL
nessus39redhat15openvas44suse4securityvulns5prion14ubuntucve14cve14ubuntu3fedora2veracode14zdi4saint4canvas1checkpoint_advisories2seebug3d21packetstorm1threatpost2metasploit1osv2debian1checkpoint_security1f51oraclelinux1jvn2github1centos1cisa1ibm1