Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 Tenable Network Security, Inc.SUSE_JAVA-1_6_0-SUN-5132.NASL
HistoryApr 04, 2008 - 12:00 a.m.

openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5132)

2008-04-0400:00:00
This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.
www.tenable.com
25
JSON

Sun Java was updated to 1.6.0u5 to fix following security vulnerabilities :

  • CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers should gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.

  • CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.

  • CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

  • CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.

  • CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.

  • CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and β€˜execute local applications’ via unknown vectors.

  • CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

  • CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update java-1_6_0-sun-5132.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(31774);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-1158", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1195", "CVE-2008-1196");

  script_name(english:"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5132)");
  script_summary(english:"Check for the java-1_6_0-sun-5132 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Sun Java was updated to 1.6.0u5 to fix following security
vulnerabilities :

  - CVE-2008-1158: Unspecified vulnerability in the Virtual
    Machine for Sun Java Runtime Environment (JRE) and JDK 6
    Update 4 and earlier, 5.0 Update 14 and earlier, and
    SDK/JRE 1.4.2_16 and earlier allows remote attackers
    should gain privileges via an untrusted application or
    applet, a different issue than CVE-2008-1186.

  - CVE-2008-1186: Unspecified vulnerability in the Virtual
    Machine for Sun Java Runtime Environment (JRE) and JDK
    5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and
    earlier, allows remote attackers to gain privileges via
    an untrusted application or applet, a different issue
    than CVE-2008-1185.

  - CVE-2008-1187: Unspecified vulnerability in Sun Java
    Runtime Environment (JRE) and JDK 6 Update 4 and
    earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16
    and earlier allows remote attackers to cause a denial of
    service (JRE crash) and possibly execute arbitrary code
    via unknown vectors related to XSLT transforms.

  - CVE-2008-1189: Buffer overflow in Java Web Start in Sun
    JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and
    earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
    attackers to execute arbitrary code via unknown vectors,
    a different issue than CVE-2008-1188.

  - CVE-2008-1190: Unspecified vulnerability in Java Web
    Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0
    Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier
    allows remote attackers to gain privileges via an
    untrusted application, a different issue than
    CVE-2008-1191.

  - CVE-2008-1192: Unspecified vulnerability in the Java
    Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and
    5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and
    earlier, and 1.3.1_21 and earlier; allows remote
    attackers to bypass the same origin policy and 'execute
    local applications' via unknown vectors.

  - CVE-2008-1195: Unspecified vulnerability in Sun JDK and
    Java Runtime Environment (JRE) 6 Update 4 and earlier
    and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16
    and earlier; allows remote attackers to access arbitrary
    network services on the local host via unspecified
    vectors related to JavaScript and Java APIs.

  - CVE-2008-1196: Stack-based buffer overflow in Java Web
    Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and
    earlier and 5.0 Update 14 and earlier; and SDK and JRE
    1.4.2_16 and earlier; allows remote attackers to execute
    arbitrary code via a crafted JNLP file."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected java-1_6_0-sun packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(20, 119, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-1.6.0.u5-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-alsa-1.6.0.u5-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-debuginfo-1.6.0.u5-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-demo-1.6.0.u5-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-devel-1.6.0.u5-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-jdbc-1.6.0.u5-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"java-1_6_0-sun-plugin-1.6.0.u5-0.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-sun");
}
VendorProductVersionCPE
novellopensusejava-1_6_0-sunp-cpe:/a:novell:opensuse:java-1_6_0-sun
novellopensusejava-1_6_0-sun-alsap-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa
novellopensusejava-1_6_0-sun-debuginfop-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo
novellopensusejava-1_6_0-sun-demop-cpe:/a:novell:opensuse:java-1_6_0-sun-demo
novellopensusejava-1_6_0-sun-develp-cpe:/a:novell:opensuse:java-1_6_0-sun-devel
novellopensusejava-1_6_0-sun-jdbcp-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc
novellopensusejava-1_6_0-sun-pluginp-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin
novellopensuse10.3cpe:/o:novell:opensuse:10.3

Related

nessus 36
openvas 38
redhat 9
suse 3
f5 2
prion 12
ubuntucve 11
cve 12
vmware 2
gentoo 1
d2 1
securityvulns 7
checkpoint_advisories 1
zdi 2
cert 1
mozilla 1
cisco 1
seebug 1
ubuntu 1
ibm 1
nessus
nessus
openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5133)
2008-04-04 00:00:00
SuSE 10 Security Update : Sun Java (ZYPP Patch Number 5131)
2008-04-04 00:00:00
openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5130)
2008-04-04 00:00:00
openvas
openvas
SLES10: Security update for Sun Java
2009-10-13 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
SLES10: Security update for Sun Java
2009-10-13 00:00:00
redhat
redhat
(RHSA-2008:0186) Critical: java-1.5.0-sun security update
2008-03-06 00:00:00
(RHSA-2008:0267) Critical: java-1.6.0-ibm security update
2008-05-19 00:00:00
(RHSA-2008:0210) Critical: java-1.5.0-ibm security update
2008-04-03 00:00:00
suse
suse
remote code execution in Sun Java
2008-04-02 15:02:11
remote code execution in IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm
2008-04-25 14:46:33
remote code execution in MozillaFirefox
2008-04-04 15:01:05
f5
f5
K16475 : Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
SOL16475 - Multiple Sun Java vulnerabilities
2015-04-21 00:00:00
prion
prion
Design/Logic Flaw
2008-03-06 21:44:00
Design/Logic Flaw
2008-03-06 21:44:00
Design/Logic Flaw
2008-03-06 21:44:00
ubuntucve
ubuntucve
CVE-2008-1190
2008-03-06 00:00:00
CVE-2008-1191
2008-03-06 00:00:00
CVE-2008-1189
2008-03-06 00:00:00
cve
cve
CVE-2008-1185
2008-03-06 21:44:00
CVE-2008-1191
2008-03-06 21:44:00
CVE-2008-1190
2008-03-06 21:44:00
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2008-04-17 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_JAVAWS
2008-03-06 21:44:00
securityvulns
securityvulns
Sun java WebStart multiple security vulnerabilities
2008-03-13 00:00:00
ZDI-08-010: Java Web Start encoding Stack Buffer Overflow
2008-03-13 00:00:00
ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow
2008-03-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Web Start Charset Encoding Stack Buffer Overflow (CVE-2008-1188)
2010-03-01 00:00:00
zdi
zdi
Java Web Start tempbuff Stack Buffer Overflow Vulnerability
2008-03-12 00:00:00
Java Web Start encoding Stack Buffer Overflow Vulnerability
2008-03-12 00:00:00
cert
cert
Sun Java WebStart stack buffer overflow
2008-03-06 00:00:00
mozilla
mozilla
Java socket connection to any local port via LiveConnect β€” Mozilla
2008-03-25 00:00:00
cisco
cisco
Cisco Unified Presence Denial of Service Vulnerabilities
2008-05-14 16:00:00
seebug
seebug
Cisco Unified PresenceεΌ•ζ“Žε€šδΈͺζ‹’η»ζœεŠ‘ζΌζ΄ž
2008-05-17 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2008-03-26 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for SUSE_JAVA-1_6_0-SUN-5132.NASL
nessus36openvas38redhat9suse3f52prion12ubuntucve11cve12vmware2gentoo1d21securityvulns7checkpoint_advisories1zdi2cert1mozilla1cisco1seebug1ubuntu1ibm1