Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2015-1073-1.NASL
HistoryJun 18, 2015 - 12:00 a.m.

SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)

2015-06-1800:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

This update fixes the following security issues :

  • Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138

  • Fix removeing links before update-alternatives run.
    bnc#931702

  • Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives

  • Fix bnc#912447, use system cacerts

  • Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:1073-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84260);
  script_version("2.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2014-8891", "CVE-2014-8892", "CVE-2015-0138", "CVE-2015-0192", "CVE-2015-1914", "CVE-2015-2808");
  script_bugtraq_id(73258, 73259, 73326, 73684, 74545, 74645);

  script_name(english:"SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues :

  - Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192
    CVE-2015-2808 CVE-2015-1914 CVE-2015-0138

  - Fix removeing links before update-alternatives run.
    bnc#931702

  - Fix bnc#912434, javaws/plugin stuff should slave plugin
    update-alternatives

  - Fix bnc#912447, use system cacerts

  - Update to 7.1.2.10 for sec issues bnc#916266 and
    bnc#916265 CVE-2014-8892 CVE-2014-8891

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=912434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=912447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=930365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=931693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=931702"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-0138/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-0192/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-1914/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-2808/"
  );
  # https://www.suse.com/support/update/announcement/2015/suse-su-20151073-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d5b74bdb"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-270=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-270=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-alsa-1.7.1_sr3.0-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_7_1-ibm-plugin-1.7.1_sr3.0-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-1.7.1_sr3.0-11.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_1-ibm-jdbc-1.7.1_sr3.0-11.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-ibm");
}
VendorProductVersionCPE
novellsuse_linuxjava-1_7_1-ibmp-cpe:/a:novell:suse_linux:java-1_7_1-ibm
novellsuse_linuxjava-1_7_1-ibm-alsap-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa
novellsuse_linuxjava-1_7_1-ibm-jdbcp-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc
novellsuse_linuxjava-1_7_1-ibm-pluginp-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin
novellsuse_linux12cpe:/o:novell:suse_linux:12

Related

suse 12
openvas 6
nessus 21
ibm 137
prion 4
veracode 7
cve 4
redhat 5
aix 2
huawei 1
suse
suse
Security update for java-1_7_0-ibm (important)
2015-06-16 22:06:38
Security update for java-1_6_0-ibm (important)
2015-02-17 16:06:52
Security update for java-1_6_0-ibm (important)
2015-02-25 19:05:03
openvas
openvas
SUSE: Security Advisory for java-1_7_0-ibm (SUSE-SU-2015:0343-1)
2015-10-13 00:00:00
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2015:0304-1)
2015-10-16 00:00:00
SUSE: Security Advisory for IBM Java (SUSE-SU-2015:1086-1)
2015-10-16 00:00:00
nessus
nessus
SuSE 11.3 Security Update : java-1_6_0-ibm (SAT Patch Number 10299)
2015-02-23 00:00:00
SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:0306-1)
2019-01-02 00:00:00
SuSE 11.3 Security Update : java-1_7_0-ibm (SAT Patch Number 10300)
2015-02-23 00:00:00
ibm
ibm
Security Bulletin: IBM Security Identity Manager Virtual Appliance affected by Java vulnerabilities (CVE-2015-0138 CVE-2015-0204 CVE-2015-1914 CVE-2015-2808 )
2018-06-16 21:25:18
Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Application Server (CVE-2015-2808)
2018-06-15 07:02:51
Security Bulletin: Vulnerability in RC4 stream cipher in IBM SDK Java Technology Edition, Versions 1.6 and 1.7 affects IBM SPSS Collaboration and Deployment Services (CVE-2015-2808)
2018-06-16 13:14:44
prion
prion
Security feature bypass
2015-03-06 23:59:00
Security feature bypass
2015-03-06 23:59:00
Design/Logic Flaw
2015-07-02 21:59:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:07:30
Information Disclosure
2019-05-02 05:07:30
Sandbox Restrictions Bypass
2019-05-02 05:39:14
cve
cve
CVE-2014-8891
2015-03-06 23:59:00
CVE-2014-8892
2015-03-06 23:59:00
CVE-2015-1914
2015-07-02 21:59:00
redhat
redhat
(RHSA-2015:1021) Important: java-1.5.0-ibm security update
2015-05-20 00:00:00
(RHSA-2015:1020) Critical: java-1.7.1-ibm security update
2015-05-20 00:00:00
(RHSA-2015:1091) Low: Red Hat Satellite IBM Java Runtime security update
2015-06-11 00:00:00
aix
aix
AIX IBM SDK Java JSSE vulnerability
2015-04-13 12:11:24
Vulnerability in RC4 stream cipher affects AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on VIOS
2015-04-27 15:27:04
huawei
huawei
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
2015-09-19 00:00:00
JSON
Related for SUSE_SU-2015-1073-1.NASL
suse12openvas6nessus21ibm137prion4veracode7cve4redhat5aix2huawei1