Lucene search
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1819-1.NASLHistoryMay 08, 2013 - 12:00 a.m.
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1819-1)
2013-05-0800:00:00
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. (CVE-2013-0401)
James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. (CVE-2013-1488)
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)
Two vulnerabilities were discovered in the OpenJDK JRE related to confidentiality. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2415, CVE-2013-2424)
Two vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2417, CVE-2013-2419).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1819-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(66348);
script_version("1.22");
script_cvs_date("Date: 2019/09/19 12:54:29");
script_cve_id("CVE-2013-0401", "CVE-2013-1488", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1557", "CVE-2013-1558", "CVE-2013-1569", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-2417", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2424", "CVE-2013-2426", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431", "CVE-2013-2436");
script_bugtraq_id(58504, 58507, 59131, 59141, 59153, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59219, 59228, 59243);
script_xref(name:"USN", value:"1819-1");
script_name(english:"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1819-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"Ben Murphy discovered a vulnerability in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit
this to execute arbitrary code. (CVE-2013-0401)
James Forshaw discovered a vulnerability in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit this to execute arbitrary code. (CVE-2013-1488)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557,
CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,
CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)
Two vulnerabilities were discovered in the OpenJDK JRE related to
confidentiality. An attacker could exploit these to expose sensitive
data over the network. (CVE-2013-2415, CVE-2013-2424)
Two vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of
service. (CVE-2013-2417, CVE-2013-2419).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/1819-1/"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/08");
script_set_attribute(attribute:"patch_publication_date", value:"2013/05/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/08");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.10 / 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"10.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b27-1.12.5-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre", pkgver:"6b27-1.12.5-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b27-1.12.5-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b27-1.12.5-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b27-1.12.5-0ubuntu0.10.04.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"icedtea-6-jre-cacao", pkgver:"6b27-1.12.5-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"icedtea-6-jre-jamvm", pkgver:"6b27-1.12.5-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre", pkgver:"6b27-1.12.5-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b27-1.12.5-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre-lib", pkgver:"6b27-1.12.5-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"openjdk-6-jre-zero", pkgver:"6b27-1.12.5-0ubuntu0.11.10.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b27-1.12.5-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"icedtea-6-jre-jamvm", pkgver:"6b27-1.12.5-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre", pkgver:"6b27-1.12.5-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b27-1.12.5-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b27-1.12.5-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b27-1.12.5-0ubuntu0.12.04.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | icedtea-6-jre-cacao | p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao |
| canonical | ubuntu_linux | icedtea-6-jre-jamvm | p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm |
| canonical | ubuntu_linux | openjdk-6-jre | p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre |
| canonical | ubuntu_linux | openjdk-6-jre-headless | p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless |
| canonical | ubuntu_linux | openjdk-6-jre-lib | p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib |
| canonical | ubuntu_linux | openjdk-6-jre-zero | p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero |
| canonical | ubuntu_linux | 10.04 | cpe:/o:canonical:ubuntu_linux:10.04:-:lts |
| canonical | ubuntu_linux | 11.10 | cpe:/o:canonical:ubuntu_linux:11.10 |
| canonical | ubuntu_linux | 12.04 | cpe:/o:canonical:ubuntu_linux:12.04:-:lts |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2436
usn.ubuntu.com/1819-1/
Related
openvas
openvas
Ubuntu Update for openjdk-6 USN-1819-1
2013-05-09 00:00:00
Ubuntu Update for openjdk-6 USN-1819-1
2013-05-09 00:00:00
CentOS Update for java CESA-2013:0770 centos5
2013-04-25 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-05-07 00:00:00
OpenJDK 7 vulnerabilities
2013-04-23 00:00:00
ICU regression
2015-03-06 00:00:00
suse
suse
Security update for java-1_6_0-openjdk (important)
2013-05-21 20:04:20
Security update for Java 1.4.2 (important)
2013-06-10 18:09:23
Security update for IBM Java (important)
2013-07-03 15:04:18
nessus
nessus
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)
2014-06-13 00:00:00
SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 7718)
2013-05-22 00:00:00
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)
2014-06-13 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-04-17 00:00:00
java-1.6.0-openjdk security update
2013-04-24 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
centos
centos
java security update
2013-04-17 21:01:08
java security update
2013-04-24 20:56:24
java security update
2013-04-17 22:33:59
redhat
redhat
(RHSA-2013:0770) Important: java-1.6.0-openjdk security update
2013-04-24 00:00:00
(RHSA-2013:0751) Critical: java-1.7.0-openjdk security update
2013-04-17 00:00:00
(RHSA-2013:0752) Important: java-1.7.0-openjdk security update
2013-04-17 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-04-25 20:40:00
Critical: java-1.7.0-openjdk
2013-04-18 13:59:00
fedora
fedora
[SECURITY] Fedora 19 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.6.fc19
2013-04-25 14:19:39
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc18
2013-04-18 02:47:29
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc17
2013-04-19 05:01:04
securityvulns
securityvulns
APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15
2013-04-22 00:00:00
Oracle Java / OpenJDK multiple security vulnerabilities
2013-04-22 00:00:00
[USN-2522-1] ICU vulnerabilities
2015-03-07 00:00:00
cve
cve
ibm
ibm
prion
prion
Design/Logic Flaw
2013-04-17 18:55:00
Design/Logic Flaw
2013-04-17 18:55:00
Type confusion
2013-04-17 18:55:00
debiancve
debiancve
CVE-2013-2384
2013-04-17 18:55:00
CVE-2013-2383
2013-04-17 18:55:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
[SECURITY] [DLA 219-1] icu security update
2015-05-14 09:45:27
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
osv
osv
icu - security update
2015-03-15 00:00:00
icu - security update
2015-05-14 00:00:00
veracode
veracode
Improper Access Control
2019-05-02 04:44:37
Memory Corruption
2019-05-02 04:44:37
Improper Access Control
2019-05-02 04:44:36
checkpoint_advisories
checkpoint_advisories
Oracle Java JPEGImageWriter Memory Corruption (CVE-2013-2429)
2013-08-25 00:00:00
Oracle Java JPEGImageWriter Memory Corruption - Ver2 (CVE-2013-2429)
2014-03-31 00:00:00
zdi
zdi
Oracle Java MethodHandle Sandbox Bypass Remote Code Execution Vulnerability
2013-05-10 00:00:00
Related for UBUNTU_USN-1819-1.NASL