Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-1388-1.NASL
HistoryMay 25, 2016 - 12:00 a.m.

SUSE SLES10 Security Update : IBM Java 1.6.0 (SUSE-SU-2016:1388-1)

2016-05-2500:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

This IBM Java 1.6.0 SR16 FP25 release fixes the following issues :

Security issues fixed :

CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648)

CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650)

CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646)

The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:1388-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91319);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");

  script_cve_id(
    "CVE-2013-3009",
    "CVE-2013-5456",
    "CVE-2016-0264",
    "CVE-2016-0363",
    "CVE-2016-0376",
    "CVE-2016-0686",
    "CVE-2016-0687",
    "CVE-2016-3422",
    "CVE-2016-3426",
    "CVE-2016-3427",
    "CVE-2016-3443",
    "CVE-2016-3449"
  );
  script_bugtraq_id(61308, 63618);
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/02");

  script_name(english:"SUSE SLES10 Security Update : IBM Java 1.6.0 (SUSE-SU-2016:1388-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This IBM Java 1.6.0 SR16 FP25 release fixes the following issues :

Security issues fixed :

CVE-2016-0264: buffer overflow vulnerability in the IBM JVM
(bsc#977648)

CVE-2016-0363: insecure use of invoke method in CORBA component,
incorrect CVE-2013-3009 fix (bsc#977650)

CVE-2016-0376: insecure deserialization in CORBA, incorrect
CVE-2013-5456 fix (bsc#977646)

The following CVEs got also fixed during this update. (bsc#979252)
CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427,
CVE-2016-3449, CVE-2016-3422, CVE-2016-3426

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977646");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977648");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977650");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=979252");
  # https://download.suse.com/patch/finder/?keywords=133b4d37ec640a121ad2dbcba2704f70
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83856dc8");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0264/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0363/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0376/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0686/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0687/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3422/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3426/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3427/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3443/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3449/");
  # https://www.suse.com/support/update/announcement/2016/suse-su-20161388-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89b7e174");
  script_set_attribute(attribute:"solution", value:
"Update the affected IBM Java 1.6.0 packages");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"java-1_6_0-ibm-32bit-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"java-1_6_0-ibm-devel-32bit-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"java-1_6_0-ibm-alsa-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"java-1_6_0-ibm-32bit-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"java-1_6_0-ibm-devel-32bit-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"java-1_6_0-ibm-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"java-1_6_0-ibm-devel-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.25-0.11.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"java-1_6_0-ibm-alsa-1.6.0_sr16.25-0.11.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "IBM Java 1.6.0");
}
VendorProductVersionCPE
novellsuse_linuxjava-1_6_0-ibmp-cpe:/a:novell:suse_linux:java-1_6_0-ibm
novellsuse_linuxjava-1_6_0-ibm-alsap-cpe:/a:novell:suse_linux:java-1_6_0-ibm-alsa
novellsuse_linuxjava-1_6_0-ibm-develp-cpe:/a:novell:suse_linux:java-1_6_0-ibm-devel
novellsuse_linuxjava-1_6_0-ibm-fontsp-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts
novellsuse_linuxjava-1_6_0-ibm-jdbcp-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc
novellsuse_linuxjava-1_6_0-ibm-pluginp-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin
novellsuse_linux10cpe:/o:novell:suse_linux:10

References

Related

nessus 41
suse 15
openvas 32
ibm 79
aix 1
redhat 10
f5 2
gentoo 1
oraclelinux 2
mageia 1
centos 3
ubuntu 2
amazon 1
cvelist 2
prion 2
cve 2
debian 2
osv 1
nessus
nessus
RHEL 7 : java-1.8.0-ibm (RHSA-2016:0716)
2016-05-04 00:00:00
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1379-1)
2016-05-24 00:00:00
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:1300-1)
2016-05-16 00:00:00
suse
suse
Security update for java-1_6_0-ibm (important)
2016-05-13 21:07:55
Security update for java-1_7_1-ibm (important)
2016-05-13 16:09:03
Security update for java-1_7_1-ibm (important)
2016-05-13 16:08:16
openvas
openvas
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2016:1299-1)
2016-05-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1388-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1300-1)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2016-0363, CVE-2016-0376 plus additional CVEs.)
2018-06-17 15:23:04
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Decision Optimization Center
2018-06-16 13:40:07
Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time
2018-06-15 07:05:33
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55
redhat
redhat
(RHSA-2016:0708) Critical: java-1.6.0-ibm security update
2016-05-02 00:00:00
(RHSA-2016:0702) Critical: java-1.7.0-ibm security update
2016-04-29 00:00:00
(RHSA-2016:0716) Critical: java-1.8.0-ibm security update
2016-05-03 18:23:40
f5
f5
K77535578 : Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
SOL77535578 - Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2016-06-27 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.8.0-openjdk security update
2016-04-20 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2016-04-25 10:57:21
centos
centos
java security update
2016-04-21 14:19:29
java security update
2016-04-21 15:30:55
java security update
2016-05-09 15:12:42
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-05-05 00:00:00
OpenJDK 6 vulnerabilities
2016-05-10 00:00:00
amazon
amazon
Critical: java-1.8.0-openjdk
2016-04-21 16:00:00
cvelist
cvelist
CVE-2016-0363
2016-06-03 14:00:00
CVE-2016-0376
2016-06-03 14:00:00
prion
prion
Design/Logic Flaw
2016-06-03 14:59:00
Design/Logic Flaw
2016-06-03 14:59:00
cve
cve
CVE-2016-0376
2016-06-03 14:59:00
CVE-2016-0363
2016-06-03 14:59:00
debian
debian
[SECURITY] [DLA 451-1] openjdk-7 security update
2016-05-03 10:37:58
[SECURITY] [DSA 3558-1] openjdk-7 security update
2016-04-26 20:25:31
osv
osv
openjdk-7 - security update
2016-04-26 00:00:00
JSON
Related for SUSE_SU-2016-1388-1.NASL
nessus41suse15openvas32ibm79aix1redhat10f52gentoo1oraclelinux2mageia1centos3ubuntu2amazon1cvelist2prion2cve2debian2osv1