Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2574-1.NASL
HistoryApr 22, 2015 - 12:00 a.m.

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2574-1)

2015-04-2200:00:00
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469)

Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480)

Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478)

A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-0477)

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2015-0488).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2574-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82992);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id(
    "CVE-2015-0460",
    "CVE-2015-0469",
    "CVE-2015-0477",
    "CVE-2015-0478",
    "CVE-2015-0480",
    "CVE-2015-0488"
  );
  script_xref(name:"USN", value:"2574-1");

  script_name(english:"Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2574-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-0460, CVE-2015-0469)

Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to
directory traversal issues with respect to handling jar files. An
attacker could use this to expose sensitive data. (CVE-2015-0480)

Florian Weimer discovered that the RSA implementation in the JCE
component in OpenJDK JRE did not follow recommended practices for
implementing RSA signatures. An attacker could use this to expose
sensitive data. (CVE-2015-0478)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. An attacker could exploit this expose sensitive data over
the network. (CVE-2015-0477)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of
service. (CVE-2015-0488).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2574-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0469");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-0488");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-source");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'icedtea-7-jre-jamvm', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-demo', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-jdk', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-jre', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-jre-headless', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-jre-lib', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-jre-zero', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'},
    {'osver': '14.04', 'pkgname': 'openjdk-7-source', 'pkgver': '7u79-2.5.5-0ubuntu0.14.04.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'icedtea-7-jre-jamvm / openjdk-7-demo / openjdk-7-jdk / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxicedtea-7-jre-jamvmp-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm
canonicalubuntu_linuxopenjdk-7-demop-cpe:/a:canonical:ubuntu_linux:openjdk-7-demo
canonicalubuntu_linuxopenjdk-7-jdkp-cpe:/a:canonical:ubuntu_linux:openjdk-7-jdk
canonicalubuntu_linuxopenjdk-7-jrep-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre
canonicalubuntu_linuxopenjdk-7-jre-headlessp-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless
canonicalubuntu_linuxopenjdk-7-jre-libp-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib
canonicalubuntu_linuxopenjdk-7-jre-zerop-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero
canonicalubuntu_linuxopenjdk-7-sourcep-cpe:/a:canonical:ubuntu_linux:openjdk-7-source
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Related

ubuntu 2
openvas 45
nessus 51
oraclelinux 4
veracode 11
debian 3
centos 4
mageia 1
archlinux 6
redhat 12
osv 3
amazon 3
ibm 37
suse 10
f5 4
kaspersky 2
aix 1
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-04-21 00:00:00
OpenJDK 7 vulnerabilities
2015-04-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2574-1)
2015-04-22 00:00:00
Ubuntu: Security Advisory (USN-2573-1)
2015-04-22 00:00:00
Debian Security Advisory DSA 3235-1 (openjdk-7 - security update)
2015-04-24 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2573-1)
2015-04-22 00:00:00
Debian DSA-3234-1 : openjdk-6 - security update
2015-04-27 00:00:00
RHEL 5 : java-1.7.0-openjdk (RHSA-2015:0807)
2015-04-15 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-04-15 00:00:00
java-1.6.0-openjdk security update
2015-04-15 00:00:00
java-1.7.0-openjdk security update
2015-04-15 00:00:00
veracode
veracode
Sandbox Protection Bypass
2019-05-02 05:13:14
Sandbox Protection Bypass
2019-05-02 05:13:14
Sandbox Protection Bypass
2019-05-02 05:13:14
debian
debian
[SECURITY] [DSA 3234-1] openjdk-6 security update
2015-04-24 18:40:07
[SECURITY] [DSA 3235-1] openjdk-7 security update
2015-04-24 18:41:40
[SECURITY] [DLA 213-1] openjdk-6 security update
2015-04-30 13:41:18
centos
centos
java security update
2015-04-15 11:08:38
java security update
2015-04-15 11:09:51
java security update
2015-04-15 11:47:27
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2015-04-15 20:22:53
archlinux
archlinux
jre7-openjdk-headless: multiple issues
2015-04-17 00:00:00
jre7-openjdk: multiple issues
2015-04-17 00:00:00
jdk7-openjdk: multiple issues
2015-04-17 00:00:00
redhat
redhat
(RHSA-2015:0807) Important: java-1.7.0-openjdk security update
2015-04-14 00:00:00
(RHSA-2015:0808) Important: java-1.6.0-openjdk security update
2015-04-14 00:00:00
(RHSA-2015:0806) Critical: java-1.7.0-openjdk security update
2015-04-14 00:00:00
osv
osv
openjdk-6 - security update
2015-04-30 00:00:00
openjdk-6 - security update
2015-04-24 00:00:00
openjdk-7 - security update
2015-04-24 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2015-04-23 00:44:00
Important: java-1.6.0-openjdk
2015-04-23 00:44:00
Important: java-1.8.0-openjdk
2015-05-05 15:44:00
ibm
ibm
Security Bulletin: Vulnerabilities in Java affect Power Hardware Management Console (CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-1916)
2021-09-23 01:31:39
Security Bulletin: April 2015 Java Platform Standard Edition Vulnerabilities in Multiple N series Products
2018-06-18 00:28:27
Security Bulletin: Multiple vulnerabilities in Oracle Java SE Runtime Environment, Version 1.7.0 affect IBM Flex System Manager (FSM) SMIA Configuration Tool (CVE-2015-0488, CVE-2015-0478)
2019-01-31 02:10:01
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-04-27 13:05:55
Security update for java-1_7_0-openjdk (critical)
2015-05-07 21:04:54
Security update for java-1_8_0-openjdk (important)
2015-04-27 13:05:39
f5
f5
SOL17136 - Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488
2015-08-24 00:00:00
K17136 : Java and JRockit vulnerabilities CVE-2015-0478 and CVE-2015-0488
2015-08-24 00:00:00
K17125 : Multiple Java vulnerabilities
2015-08-12 00:00:00
kaspersky
kaspersky
KLA10551 Code execution vulnerabilities in Microsoft Office
2015-04-14 00:00:00
KLA10548 Multiple vulnerabilities in Oracle products
2015-04-14 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-06-03 12:58:42
JSON
Related for UBUNTU_USN-2574-1.NASL
ubuntu2openvas45nessus51oraclelinux4veracode11debian3centos4mageia1archlinux6redhat12osv3amazon3ibm37suse10f54kaspersky2aix1