Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2013-2022 Canonical, Inc. / NASL script (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1735-1.NASL
HistoryFeb 22, 2013 - 12:00 a.m.

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1)

2013-02-2200:00:00
Ubuntu Security Notice (C) 2013-2022 Canonical, Inc. / NASL script (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the ‘Lucky Thirteen’ issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
(CVE-2013-0169)

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484)

A data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-1485)

Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1735-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(64801);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2013-0169",
    "CVE-2013-1484",
    "CVE-2013-1485",
    "CVE-2013-1486",
    "CVE-2013-1487"
  );
  script_bugtraq_id(
    57778,
    58027,
    58028,
    58029,
    58031
  );
  script_xref(name:"USN", value:"1735-1");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as
used in OpenJDK was vulnerable to a timing side-channel attack known
as the 'Lucky Thirteen' issue. A remote attacker could use this issue
to perform plaintext-recovery attacks via analysis of timing data.
(CVE-2013-0169)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit
this to cause a denial of service. This issue only affected Ubuntu
12.10. (CVE-2013-1484)

A data integrity vulnerability was discovered in the OpenJDK JRE. This
issue only affected Ubuntu 12.10. (CVE-2013-1485)

Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit
these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/1735-1/");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2013-2022 Canonical, Inc. / NASL script (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b27-1.12.3-0ubuntu1~10.04")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre", pkgver:"6b27-1.12.3-0ubuntu1~10.04")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b27-1.12.3-0ubuntu1~10.04")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b27-1.12.3-0ubuntu1~10.04")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b27-1.12.3-0ubuntu1~10.04")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"icedtea-6-jre-cacao", pkgver:"6b27-1.12.3-0ubuntu1~11.10")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"icedtea-6-jre-jamvm", pkgver:"6b27-1.12.3-0ubuntu1~11.10")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre", pkgver:"6b27-1.12.3-0ubuntu1~11.10")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b27-1.12.3-0ubuntu1~11.10")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre-lib", pkgver:"6b27-1.12.3-0ubuntu1~11.10")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre-zero", pkgver:"6b27-1.12.3-0ubuntu1~11.10")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b27-1.12.3-0ubuntu1~12.04")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"icedtea-6-jre-jamvm", pkgver:"6b27-1.12.3-0ubuntu1~12.04")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre", pkgver:"6b27-1.12.3-0ubuntu1~12.04")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b27-1.12.3-0ubuntu1~12.04")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b27-1.12.3-0ubuntu1~12.04")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b27-1.12.3-0ubuntu1~12.04")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"icedtea-7-jre-cacao", pkgver:"7u15-2.3.7-0ubuntu1~12.10")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"icedtea-7-jre-jamvm", pkgver:"7u15-2.3.7-0ubuntu1~12.10")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"openjdk-7-jre", pkgver:"7u15-2.3.7-0ubuntu1~12.10")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"openjdk-7-jre-headless", pkgver:"7u15-2.3.7-0ubuntu1~12.10")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"openjdk-7-jre-lib", pkgver:"7u15-2.3.7-0ubuntu1~12.10")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"openjdk-7-jre-zero", pkgver:"7u15-2.3.7-0ubuntu1~12.10")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-6-jre-cacao / icedtea-6-jre-jamvm / icedtea-7-jre-cacao / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxicedtea-6-jre-cacaop-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao
canonicalubuntu_linuxicedtea-6-jre-jamvmp-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm
canonicalubuntu_linuxicedtea-7-jre-cacaop-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-cacao
canonicalubuntu_linuxicedtea-7-jre-jamvmp-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm
canonicalubuntu_linuxopenjdk-6-jrep-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre
canonicalubuntu_linuxopenjdk-6-jre-headlessp-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless
canonicalubuntu_linuxopenjdk-6-jre-libp-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib
canonicalubuntu_linuxopenjdk-6-jre-zerop-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero
canonicalubuntu_linuxopenjdk-7-jrep-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre
canonicalubuntu_linuxopenjdk-7-jre-headlessp-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless
Rows per page:
1-10 of 161

Related

nessus 41
ubuntu 1
openvas 37
redhat 6
amazon 3
oraclelinux 3
centos 3
threatpost 1
suse 3
veracode 7
zdi 3
ubuntucve 14
cve 9
prion 12
ibm 24
securityvulns 5
f5 8
slackware 1
openssl 2
hackerone 1
debiancve 4
pentestpartners 1
fedora 1
altlinux 5
osv 3
freebsd 1
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1)
2013-02-21 00:00:00
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0532)
2013-02-21 00:00:00
Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix)
2013-02-22 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2013-02-21 00:00:00
openvas
openvas
Ubuntu Update for openjdk-7 USN-1735-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1735-1)
2013-02-22 00:00:00
Oracle Java SE Multiple Vulnerabilities -02 (Feb 2013) - Windows
2013-02-22 00:00:00
redhat
redhat
(RHSA-2013:0532) Critical: java-1.7.0-oracle security update
2013-02-20 00:00:00
(RHSA-2013:0275) Important: java-1.7.0-openjdk security update
2013-02-20 00:00:00
(RHSA-2013:0531) Critical: java-1.6.0-sun security update
2013-02-20 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2013-03-02 16:49:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
Critical: openssl
2014-04-07 17:26:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
centos
centos
java security update
2013-02-20 20:12:54
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
threatpost
threatpost
Oracle Patches Critical Java Flaws in 7u15
2013-02-19 22:30:02
suse
suse
Security update for Java (important)
2013-02-22 20:04:33
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:52:53
Sandbox Restrictions Bypass
2019-05-02 04:54:21
Sandbox Restrictions Bypass
2019-05-02 04:52:53
zdi
zdi
Oracle Java Proxy.newProxyInstance Security Manager Bypass Remote Code Execution Vulnerability
2013-03-22 00:00:00
Oracle Java setUncaughtExceptionHandler Security Manager Bypass Remote Code Execution Vulnerability
2013-03-22 00:00:00
Oracle Java doPrivilegedWithCombiner Security Manager Bypass Remote Code Execution Vulnerability
2013-03-22 00:00:00
ubuntucve
ubuntucve
CVE-2013-1484
2013-02-20 00:00:00
CVE-2013-1487
2013-02-20 00:00:00
CVE-2013-1485
2013-02-20 00:00:00
cve
cve
CVE-2013-1484
2013-02-20 21:55:00
CVE-2013-1485
2013-02-20 21:55:00
CVE-2013-1487
2013-02-20 21:55:00
prion
prion
Design/Logic Flaw
2013-02-20 21:55:00
Design/Logic Flaw
2013-02-20 21:55:00
Design/Logic Flaw
2013-02-20 21:55:00
ibm
ibm
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)
2018-06-17 04:47:31
Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.
2022-09-25 21:06:56
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery &#40;aka “Lucky Thirteen”&#41; Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery &#40;aka “Lucky Thirteen”&#41; Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
f5
f5
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
K15622 : wolfSSL CyaSSL vulnerability CVE-2013-1623
2014-09-25 00:00:00
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
Vulnerability in OpenSSL CVE-2016-2107
2016-05-03 00:00:00
hackerone
hackerone
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
debiancve
debiancve
CVE-2013-0169
2013-02-08 19:55:00
CVE-2018-0497
2018-07-28 17:29:00
CVE-2013-1620
2013-02-08 19:55:00
pentestpartners
pentestpartners
Vulnerabilities that (mostly) aren’t: LUCKY13
2024-05-03 05:12:27
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
altlinux
altlinux
Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
JSON
Related for UBUNTU_USN-1735-1.NASL
nessus41ubuntu1openvas37redhat6amazon3oraclelinux3centos3threatpost1suse3veracode7zdi3ubuntucve14cve9prion12ibm24securityvulns5f58slackware1openssl2hackerone1debiancve4pentestpartners1fedora1altlinux5osv3freebsd1