The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :
- ISC DHCP dhclient
- Integrated Services Digital Network (ISDN) subsystem
- Java Runtime Environment (JRE)
- Java SE Development Kit (JDK)
- Java SE Web Start
- Linux kernel
- Linux kernel 32-bit and 64-bit emulation
- Linux kernel Simple Internet Transition INET6
- Linux kernel tty
- Linux kernel virtual file system (VFS)
- Red Hat dhcpd init script for DHCP
- SBNI WAN driver
{"vmware": [{"lastseen": "2022-06-19T20:03:07", "description": "a. Service Console update for DHCP and third party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network.\n\nA stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.\n\nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue.\n\nAn insecure temporary file use flaw was discovered in the DHCP daemon's init script (\"/etc/init.d/dhcpd\"). A local attacker could use this flaw to overwrite an arbitrary file with the output of the \"dhcpd -t\" command via a symbolic link attack, if a system administrator executed the DHCP init script with the \"configtest\", \"restart\", or \"reload\" option.\n\nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1893 to this issue.\n\nThe following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2009-10-16T00:00:00", "type": "vmware", "title": "VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2086", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0692", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1893"], "modified": "2010-01-06T00:00:00", "id": "VMSA-2009-0014.3", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0014.3.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:38:40", "description": "a. Service Console update for DHCP and third party library update for DHCP client. \n \nDHCP is an Internet-standard protocol by which a computer can be \nconnected to a local network, ask to be given configuration \ninformation, and receive from a server enough information to \nconfigure itself as a member of that network.\n\n \nA stack-based buffer overflow in the script_write_params method in \nISC DHCP dhclient allows remote DHCP servers to execute arbitrary \ncode via a crafted subnet-mask option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-0692 to this issue.\n\n \nAn insecure temporary file use flaw was discovered in the DHCP \ndaemon's init script (\"/etc/init.d/dhcpd\"). A local attacker could \nuse this flaw to overwrite an arbitrary file with the output of the \n\"dhcpd -t\" command via a symbolic link attack, if a system \nadministrator executed the DHCP init script with the \"configtest\", \n\"restart\", or \"reload\" option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-1893 to this issue.\n\n \nThe following table lists what action remediates the vulnerability \nin the Service Console (column 4) if a solution is available. \n\n", "cvss3": {}, "published": "2009-10-16T00:00:00", "type": "vmware", "title": "VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2008-2136", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-0598", "CVE-2008-5340", "CVE-2009-1893", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5355", "CVE-2008-3525", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2008-5358", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0692", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2008-4210", "CVE-2008-3275", "CVE-2009-1107", "CVE-2007-6063", "CVE-2009-1102", "CVE-2008-5351", "CVE-2008-2812", "CVE-2009-1105"], "modified": "2010-01-06T00:00:00", "id": "VMSA-2009-0014", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0014.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:06:20", "description": "a. Service Console update for DHCP and third-party library update for DHCP client.\n\n DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network.\n\n A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue.\n\n An insecure temporary file use flaw was discovered in the DHCP daemon's init script ('/etc/init.d/dhcpd'). A local attacker could use this flaw to overwrite an arbitrary file with the output of the 'dhcpd -t' command via a symbolic link attack, if a system administrator executed the DHCP init script with the 'configtest', 'restart', or 'reload' option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1893 to this issue.\n\nb. Updated Service Console package kernel\n\n Service Console package kernel update to version kernel-2.4.21-58.EL.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the security issues fixed in kernel-2.4.21-58.EL\n\nc. JRE Security Update\n\n JRE update to version 1.5.0_18, which addresses multiple security issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_17: CVE-2008-2086, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5339, CVE-2008-5342, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5340, CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-10-19T00:00:00", "type": "nessus", "title": "VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2086", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0692", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1893"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.0.3", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2009-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/42179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2009-0014. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42179);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2086\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-0692\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-1893\");\n script_bugtraq_id(35668);\n script_xref(name:\"VMSA\", value:\"2009-0014\");\n\n script_name(english:\"VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. Service Console update for DHCP and third-party library update\n for DHCP client.\n\n DHCP is an Internet-standard protocol by which a computer can be\n connected to a local network, ask to be given configuration\n information, and receive from a server enough information to\n configure itself as a member of that network.\n\n A stack-based buffer overflow in the script_write_params method in\n ISC DHCP dhclient allows remote DHCP servers to execute arbitrary\n code via a crafted subnet-mask option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0692 to this issue.\n\n An insecure temporary file use flaw was discovered in the DHCP\n daemon's init script ('/etc/init.d/dhcpd'). A local attacker could\n use this flaw to overwrite an arbitrary file with the output of the\n 'dhcpd -t' command via a symbolic link attack, if a system\n administrator executed the DHCP init script with the 'configtest',\n 'restart', or 'reload' option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1893 to this issue.\n\nb. Updated Service Console package kernel\n\n Service Console package kernel update to version\n kernel-2.4.21-58.EL.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598,\n CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the\n security issues fixed in kernel-2.4.21-58.EL\n\nc. JRE Security Update\n\n JRE update to version 1.5.0_18, which addresses multiple security\n issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_17: CVE-2008-2086, CVE-2008-5347, CVE-2008-5348,\n CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,\n CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357,\n CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5339,\n CVE-2008-5342, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,\n CVE-2008-5340, CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000076.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 59, 94, 119, 189, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2009-10-16\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-200910402-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910401-SG\",\n patch_updates : make_list(\"ESX350-200911201-UG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910403-SG\",\n patch_updates : make_list(\"ESX350-201003403-SG\", \"ESX350-201203401-SG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910406-SG\",\n patch_updates : make_list(\"ESX350-201203405-SG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200912404-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-30T20:22:04", "description": "The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 9.\n\nThe remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-09T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.4 Release 9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2022-06-29T00:00:00", "cpe": [], "id": "MACOSX_JAVA_REL9.NASL", "href": "https://www.tenable.com/plugins/nessus/39766", "sourceData": "#TRUSTED 3e62b7dd5cbc1987ecd99e7ee8ef1fdf9549a962b045f3e31453160fcfafdabbd564535dc90290257d01761bf2b9cfec3ad450924bb6d13248593ec188b90934de87a2ea2119ee0dfd4cb695dcf20bbe616644c1d2d4e6ed8bca1ef551bae7ae00198e725ff5d2814b92939dc3b56a6668d4f9b19d8082f7492e05d0cf2b0fdea481dacde3ef9b934aad578dcb1b8e308156e593d7528cfb41e8c84cc1c676473e7ce2814268a754143cf7168ca7873e775022d1d002d766b40b243b312f178bd8122ee4d77dd428f6238c84357154da5f26868295895d1a796b9bcf641653f20043ebee30c011c09ba38610502626b363cd250f118c5fe3feb254d18f5be0046701cab681b72b1771a929434fa5fbbd4c383b302bd8c0f98b9120ca40057729500def3279c44de7634ae22f2beb85ca3b783c8bb19b55a3445d66b4608fb0b16e73f6b8eb64af32b0c9281129eff853baceb6872b27a5cdbd01895f89c0c0ccb78008d8e272ba996437598043ad52faa233c69e234bc2e5f1e7cdada6b8d5e37247e8f91deca179aa477135388ec95762a5f6e1fb3dff7ba8789126636aeb0110a8259c39d99f35f9958fc3e4832e5e9d71edc4e7db35419850588bc98601e06bb0ee339b5b25713350fcd856204eead6cf99202c56c7153441e85befb9db2d185d6a11733150258e80015b786a0967822ce3d585c4cc91d25371ec644f3bc7\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39766);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(32892, 34240);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.4 Release 9\");\n script_summary(english:\"Check for Java Release 9 on Mac OS X 10.4\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.4 host is running a version of Java for Mac OS\nX older than release 9.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT3633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Java for Mac OS X 10.4 release 9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.4.11 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 8\\.11\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 11.9.0.\n if (\n ver[0] < 11 ||\n (ver[0] == 11 && ver[1] < 9)\n ) security_hole(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-30T20:20:40", "description": "The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 4.\n\nThe remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.", "cvss3": {"score": null, "vector": null}, "published": "2009-06-17T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.5 Update 4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1719"], "modified": "2022-06-29T00:00:00", "cpe": [], "id": "MACOSX_JAVA_10_5_UPDATE4.NASL", "href": "https://www.tenable.com/plugins/nessus/39435", "sourceData": "#TRUSTED 3c22ae5d794349d7024c0e782b8c9f415201a45ca1633c169b928d17b9f0032faa39d5ee503cfcd8b5b9a3752b3103cd90f68f6a0cfde6c587eccc3b0895803b5960e4341a26b84f09b34f981b632531ed92e717fb01453c87889346240ea9a3c35a4869ddb4586ba87e4eb7b711d4281a3e367b2f91bc425cbcf38b32553ae4f219199e5d55ba758c3b1800e33d021d1b88729ad8c527a008df0b9a4e3439e9c61c16088e85632d5b6a0d8666416b3844d5de197bdee595dd4eafc92a97d618e1c600eb7a33d7b157e89c6c74b8a4bd345854828a359626ae115114691ff98f6e2b5fa29bab4bf04564fc4b277c0501f52fdbd06612d3fe546a556a6aacf5839e663e2d2654c4b855a2de8e07fde7835600c57c37692f8bfdba5c5315f726a1ad0e86c2498319dc9fc50d94860661fb03330b3470fbf6b201c8ff49afe520f0b9d1371c029c705e6844fc138a8325a706edcf37b34cd40195640fb08b288342edd44471d9bad16750a1517ef7b1ccb21921245d566f54afb3a66d1397bdbc1c4010da20186da374abcb0f4b2e7e3b081b43f71b8c3b4dd8a09db4aec0a1788d3f45c93727a0a63c5262eb9088035e268173bedf367feb69915fc7ae8e030c4068e87e618bc384ad1d46bb3bcb38790a74e6d028350ec7dbb4b64debba4745859113db3b662819c8b69a64ad32517a39c49ed36497348faabb94829d21b35fb1\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39435);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5347\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\",\n \"CVE-2009-1719\"\n );\n script_bugtraq_id(32620, 32892, 32608, 34240, 35381);\n script_xref(name:\"Secunia\", value:\"35118\");\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.5 Update 4\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X 10.5 host is running a version of Java for\nMac OS X that is missing Update 4.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT3632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Java for Mac OS X 10.5 Update 4 (JavaVM Framework 12.3.0)\nor later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n if (buf !~ \"^[0-9]\") exit(1, \"Failed to get the version - '\"+buf+\"'.\");\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\n\n# Mac OS X 10.5 only.\nif (egrep(pattern:\"Darwin.* 9\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(1, \"Failed to get version info from '\"+plist+\"'.\");\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 12.3.0\n if (\n ver[0] < 12 ||\n (ver[0] == 12 && ver[1] < 3)\n )\n {\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet')\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.3.0\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n }\n else exit(0, \"The remote host is not affected since JavaVM Framework \" + version + \" is installed.\");\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:04", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-01-07T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_6_0-SUN-5876.NASL", "href": "https://www.tenable.com/plugins/nessus/35306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-5876.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35306);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)\");\n script_summary(english:\"Check for the java-1_6_0-sun-5876 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:17", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40235);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)\");\n script_summary(english:\"Check for the java-1_5_0-sun-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:26:49", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :\n\n - The JRE creates temporary files with insufficiently random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java application that is launched through the command line to elevate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to elevate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to elevate its privileges with unpacking applets and Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246)\n\n - An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to elevate privileges.\n (246366)\n\n - An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to access localhost. (246387)", "cvss3": {"score": null, "vector": null}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_244986_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64828);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5347\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5355\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5358\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\"\n );\n script_bugtraq_id(\n 30633,\n 32608,\n 32620,\n 32892\n );\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a runtime environment that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its\n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security\n checks due to the manner in which it handles the\n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java\n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java\n application that is launched through the command line to\n elevate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar\n objects may allow an untrusted applet or application to\n elevate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to elevate its privileges with unpacking applets and\n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the\n 'shortest' form. Although not a vulnerability per se,\n it may be leveraged to exploit software that relies on\n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running\n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an\n untrusted applet or application to elevate privileges.\n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019736.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019737.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019738.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019739.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019740.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019741.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019742.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019759.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019793.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019794.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019797.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019798.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019799.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019800.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u11-139394.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK\n/ JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary,\nany affected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-5355\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|10)([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-6])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:04", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-01-07T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_5_0-SUN-5875.NASL", "href": "https://www.tenable.com/plugins/nessus/35305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-5875.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35305);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)\");\n script_summary(english:\"Check for the java-1_5_0-sun-5875 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update17-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:33", "description": "The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Sun Java (YOU Patch Number 12321)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12321.NASL", "href": "https://www.tenable.com/plugins/nessus/41263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41263);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE9 Security Update : Sun Java (YOU Patch Number 12321)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.4.2sr19 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5347.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5355.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5358.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12321.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"java2-1.4.2-129.48\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"java2-jre-1.4.2-129.48\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:44:43", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :\n\n - The JRE creates temporary files with insufficiently random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java application that is launched through the commandline to escalate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to escalate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to escalate its privileges with unpacking applets and Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246)\n\n - An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to escalate privileges. (246366)\n\n - An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to access localhost. (246387)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2008-12-04T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (244986 et al)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_244986.NASL", "href": "https://www.tenable.com/plugins/nessus/35030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35030);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5347\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5355\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5358\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\"\n );\n script_bugtraq_id(\n 30633,\n 32608,\n 32620,\n 32892\n );\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (244986 et al)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /\n1.3.1_24. Such versions are potentially affected by the following\nsecurity issues :\n\n - The JRE creates temporary files with insufficiently\n random names. (244986)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's image processing code, its \n handling of GIF images, and its font processing.\n (244987)\n\n - It may be possible for an attacker to bypass security \n checks due to the manner in which it handles the \n 'non-shortest form' of UTF-8 byte sequences.\n\n - There are multiple security vulnerabilities in Java \n Web Start and Java Plug-in that may allow for privilege\n escalation. (244988)\n\n - The JRE Java Update mechanism does not check the digital\n signature of the JRE that it downloads. (244989)\n\n - A buffer overflow may allow an untrusted Java \n application that is launched through the commandline to \n escalate its privileges. (244990)\n\n - A vulnerability related to deserializing calendar \n objects may allow an untrusted applet or application to\n escalate its privileges. (244991)\n\n - A buffer overflow affects the 'unpack200' JAR unpacking\n utility and may allow an untrusted applet or application\n to escalate its privileges with unpacking applets and \n Java Web Start applications. (244992)\n\n - The UTF-8 decoder accepts encodings longer than the \n 'shortest' form. Although not a vulnerability per se, \n it may be leveraged to exploit software that relies on \n the JRE UTF-8 decoder to reject the 'non-shortest form'\n sequence. (245246)\n\n - An untrusted applet or application may be able to list\n the contents of the home directory of the user running \n the applet or application. (246266)\n\n - A denial of service vulnerability may be triggered when\n the JRE handles certain RSA public keys. (246286)\n\n - A vulnerability may be triggered while authenticating\n users through Kerberos and lead to a system-wide denial\n of service due to excessive consumption of operating\n system resources. (246346)\n\n - Security vulnerabilities in the JAX-WS and JAXB packages\n where internal classes can be accessed may allow an \n untrusted applet or application to escalate privileges. \n (246366)\n\n - An untrusted applet or application when parsing zip\n files may be able to read arbitrary memory locations in\n the process that the applet or application is running.\n (246386)\n\n - The JRE allows code loaded from the local filesystem to\n access localhost. (246387)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019736.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019737.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019738.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019739.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019740.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019741.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019742.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019759.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019793.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019794.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019797.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019798.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019799.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1019800.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u11-139394.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-138306.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, \nSDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and \nremove if necessary any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|10)([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-6])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\\n';\n }\n}\n\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:00", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. These are summarized in the 'Advance notification of Security Updates for Java SE' from Sun Microsystems.\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2008-1025.NASL", "href": "https://www.tenable.com/plugins/nessus/40732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1025. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40732);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32620, 32892);\n script_xref(name:\"RHSA\", value:\"2008:1025\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. These\nare summarized in the 'Advance notification of Security Updates for\nJava SE' from Sun Microsystems.\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d7aabf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1025\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1025\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:58", "description": "Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical vulnerabilities. These are summarized in the 'Advance notification of Security Updates for Java SE' from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2008-1018.NASL", "href": "https://www.tenable.com/plugins/nessus/40731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1018. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40731);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32620, 32892);\n script_xref(name:\"RHSA\", value:\"2008:1018\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical\nvulnerabilities. These are summarized in the 'Advance notification of\nSecurity Updates for Java SE' from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d7aabf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1018\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:13", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-376.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40241);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)\");\n script_summary(english:\"Check for the java-1_6_0-sun-376 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:29", "description": "The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 / CVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 / CVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 / CVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 / CVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 / CVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 / CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-SUN-5852.NASL", "href": "https://www.tenable.com/plugins/nessus/41526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41526);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.4.2sr19 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 /\nCVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 /\nCVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 /\nCVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 /\nCVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 /\nCVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 /\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5347.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5355.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5358.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5852.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-alsa-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-demo-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-devel-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-jdbc-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-plugin-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_4_2-sun-src-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-alsa-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-devel-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-jdbc-1.4.2.19-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-sun-plugin-1.4.2.19-0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:07", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_6_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40002", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-376.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40002);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)\");\n script_summary(english:\"Check for the java-1_6_0-sun-376 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-demo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:25", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_5_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/39997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39997);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)\");\n script_summary(english:\"Check for the java-1_5_0-sun-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-demo-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-src-1.5.0_update17-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:40", "description": "This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files with insufficiently random names. This may be leveraged to write JAR files which may then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application. (CVE-2008-5354)\n\nThis vulnerability cannot be exploited by an applet or Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. (CVE-2008-5342)\n\nReferences can be found on :\n\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12336.NASL", "href": "https://www.tenable.com/plugins/nessus/41268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41268);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\nThis vulnerability cannot be exploited by an applet or Java Web Start\napplication.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the 'unpack200' JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\n\nReferences can be found on :\n\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12336.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava5-JRE-1.5.0-0.57\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava5-SDK-1.5.0-0.57\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava5-JRE-1.5.0-0.56\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava5-SDK-1.5.0-0.56\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:47", "description": "This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files with insufficiently random names. This may be leveraged to write JAR files which may then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application. (CVE-2008-5354)\n\n This vulnerability cannot be exploited by an applet or Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. (CVE-2008-5342)\n\nReferences can be found on:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-5960.NASL", "href": "https://www.tenable.com/plugins/nessus/41527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41527);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings IBM Java 5 to Service Release 9.\n\nIt fixes the following security problems :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\n This vulnerability cannot be exploited by an applet or\n Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the 'unpack200' JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2008-5352)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\n\nReferences can be found on:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5960.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-demo-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-src-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:02", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These are summarized in the 'Security Alerts' from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR9 Java release.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2009-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/40738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0016. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40738);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32608, 32620, 32892);\n script_xref(name:\"RHSA\", value:\"2009:0016\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the 'Security Alerts' from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://www-128.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/us-en/?ar=1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0016\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.4.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:52", "description": "This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6136)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-6136.NASL", "href": "https://www.tenable.com/plugins/nessus/41525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41525);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6136)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the IBM Java 1.4.2 JDK and JRE to Service Release\n13. It fixes lots of bugs and various\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6136.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-ibm-1.4.2_sr13-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13-0.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13-0.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:35", "description": "This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various security issues :\n\n - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files with insufficiently random names. This may be leveraged to write JAR files which may then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application. (CVE-2008-5354)\n\nThis vulnerability cannot be exploited by an applet or Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5357)\n\n - A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. (CVE-2008-5342)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12387)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12387.NASL", "href": "https://www.tenable.com/plugins/nessus/41289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41289);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12387)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the IBM Java 1.4.2 JDK and JRE to Service Release\n13. It fixes lots of bugs and various security issues :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\nThis vulnerability cannot be exploited by an applet or Java Web Start\napplication.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12387.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava2-JRE-1.4.2-0.133\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava2-SDK-1.4.2-0.133\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava2-JRE-1.4.2-0.139\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava2-SDK-1.4.2-0.139\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:29", "description": "This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various security issues :\n\n - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files with insufficiently random names. This may be leveraged to write JAR files which may then be loaded as untrusted applets and Java Web Start applications to access and provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application. (CVE-2008-5354)\n\n This vulnerability cannot be exploited by an applet or Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5357)\n\n - A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. (CVE-2008-5342)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 735)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_4_2-IBM-090405.NASL", "href": "https://www.tenable.com/plugins/nessus/41404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41404);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 735)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the IBM Java 1.4.2 JDK and JRE to Service Release\n13. It fixes lots of bugs and various security issues :\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) may allow an untrusted applet or application to\n list the contents of the home directory of the user\n running the applet or application. (CVE-2008-5350)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with parsing zip files may allow an untrusted\n applet or application to read arbitrary memory locations\n in the process that the applet or application is running\n in. (CVE-2008-5346)\n\n - A vulnerability in Java Web Start and Java Plug-in may\n allow hidden code on a host to make network connections\n to that host and to hijack HTTP sessions using cookies\n stored in the browser. (CVE-2008-5343)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with applet classloading may allow an untrusted applet\n to read arbitrary files on a system that the applet runs\n on and make network connections to hosts other than the\n host it was loaded from. (CVE-2008-5344)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) image processing code may allow an\n untrusted applet or application to escalate privileges.\n For example, an untrusted applet may grant itself\n permissions to read and write local files or execute\n local applications that are accessible to the user\n running the untrusted applet. (CVE-2008-5359)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n may allow an untrusted Java Web Start application to\n make network connections to hosts other than the host\n that the application is downloaded from. (CVE-2008-5339)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) with authenticating users through Kerberos may\n lead to a Denial of Service (DoS) to the system as a\n whole, due to excessive consumption of operating system\n resources. (CVE-2008-5348)\n\n - A vulnerability in Java Web Start may allow certain\n trusted operations to be performed, such as modifying\n system properties. (CVE-2008-2086)\n\n - The Java Runtime Environment (JRE) allows code loaded\n from the local filesystem to access localhost. This may\n allow code that is maliciously placed on the local\n filesystem and then subsequently run, to have network\n access to localhost that would not otherwise be allowed\n if the code were loaded from a remote host. This may be\n leveraged to steal cookies and hijack sessions (for\n domains that map a name to the localhost).\n (CVE-2008-5345)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - The Java Runtime Environment creates temporary files\n with insufficiently random names. This may be leveraged\n to write JAR files which may then be loaded as untrusted\n applets and Java Web Start applications to access and\n provide services from localhost and hence steal cookies.\n (CVE-2008-5360)\n\n - A security vulnerability in the Java Runtime Environment\n (JRE) related to deserializing calendar objects may\n allow an untrusted applet or application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5353)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment (JRE) may allow an untrusted Java\n application that is launched through the command line to\n escalate privileges. For example, the untrusted Java\n application may grant itself permissions to read and\n write local files or execute local applications that are\n accessible to the user running the untrusted Java\n application. (CVE-2008-5354)\n\n This vulnerability cannot be exploited by an applet or\n Java Web Start application.\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=475425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5343.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5344.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5345.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5360.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 735.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_4_2-ibm-1.4.2_sr13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:00", "description": "Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM(r) 1.4.2 SR13 Java(tm) release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5359, CVE-2008-5360)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:0445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0445.NASL", "href": "https://www.tenable.com/plugins/nessus/40743", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0445. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40743);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32608, 32620, 32892);\n script_xref(name:\"RHSA\", value:\"2009:0445\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:0445)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM(r) 1.4.2 SR13 Java(tm) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2008-2086, CVE-2008-5339,\nCVE-2008-5340, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344,\nCVE-2008-5345, CVE-2008-5346, CVE-2008-5348, CVE-2008-5350,\nCVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5359,\nCVE-2008-5360)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0445\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0445\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-1.4.2.13-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-demo-1.4.2.13-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-devel-1.4.2.13-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-src-1.4.2.13-1jpp.1.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-demo-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-devel-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-src-1.4.2.13-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-demo-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-devel-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-src-1.4.2.13-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.4.2-ibm / java-1.4.2-ibm-demo / java-1.4.2-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-07T15:23:38", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_6_0-SUN-6128.NASL", "href": "https://www.tenable.com/plugins/nessus/36071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-6128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36071);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)\");\n script_summary(english:\"Check for the java-1_6_0-sun-6128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-src-1.6.0.u12-1.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:51:42", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_6_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/40003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40003);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)\");\n script_summary(english:\"Check for the java-1_6_0-sun-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-devel-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:51:42", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-090328.NASL", "href": "https://www.tenable.com/plugins/nessus/40242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40242);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)\");\n script_summary(english:\"Check for the java-1_6_0-sun-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:49:20", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\n - LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). (CVE-2009-1093)\n\n - Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. (CVE-2009-1094)\n\n - Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1095)\n\n - Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1096)\n\n - Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n (CVE-2009-1097)\n\n - Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier;\n and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. (CVE-2009-1098)\n\n - Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n (CVE-2009-1099)\n\n - Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n (CVE-2009-1100)\n\n - Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'. (CVE-2009-1101)\n\n - Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'. (CVE-2009-1102)\n\n - Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier;\n 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860. (CVE-2009-1103)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. (CVE-2009-1104)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. (CVE-2009-1105)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. (CVE-2009-1106)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871. (CVE-2009-1107)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/41407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41407);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\n - LdapCtx in the LDAP service in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier; 6 Update 12 and earlier; SDK and JRE\n 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not\n close the connection when initialization fails, which\n allows remote attackers to cause a denial of service\n (LDAP service hang). (CVE-2009-1093)\n\n - Unspecified vulnerability in the LDAP implementation in\n Java SE Development Kit (JDK) and Java Runtime\n Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\n and earlier; SDK and JRE 1.3.1_24 and earlier; and\n 1.4.2_19 and earlier allows remote LDAP servers to\n execute arbitrary code via unknown vectors related to\n serialized data. (CVE-2009-1094)\n\n - Integer overflow in unpack200 in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a JAR file with crafted Pack200 headers. (CVE-2009-1095)\n\n - Buffer overflow in unpack200 in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a JAR file with crafted Pack200 headers. (CVE-2009-1096)\n\n - Multiple buffer overflows in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 6 Update 12 and\n earlier allow remote attackers to access files or\n execute arbitrary code via a crafted (1) PNG image, aka\n CR 6804996, and (2) GIF image, aka CR 6804997.\n (CVE-2009-1097)\n\n - Buffer overflow in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 5.0 Update 17 and\n earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier;\n and 1.3.1_24 and earlier allows remote attackers to\n access files or execute arbitrary code via a crafted GIF\n image, aka CR 6804998. (CVE-2009-1098)\n\n - Integer signedness error in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a crafted Type1 font, which triggers a buffer overflow.\n (CVE-2009-1099)\n\n - Multiple unspecified vulnerabilities in Java SE\n Development Kit (JDK) and Java Runtime Environment (JRE)\n 5.0 Update 17 and earlier, and 6 Update 12 and earlier,\n allow remote attackers to cause a denial of service\n (disk consumption) via vectors related to temporary font\n files and (1) 'limits on Font creation,' aka CR 6522586,\n and (2) another unspecified vector, aka CR 6632886.\n (CVE-2009-1100)\n\n - Unspecified vulnerability in the lightweight HTTP server\n implementation in Java SE Development Kit (JDK) and Java\n Runtime Environment (JRE) 6 Update 12 and earlier allows\n remote attackers to cause a denial of service (probably\n resource consumption) for a JAX-WS service endpoint via\n a connection without any data, which triggers a file\n descriptor 'leak.'. (CVE-2009-1101)\n\n - Unspecified vulnerability in the Virtual Machine in Java\n SE Development Kit (JDK) and Java Runtime Environment\n (JRE) 6 Update 12 and earlier allows remote attackers to\n access files and execute arbitrary code via unknown\n vectors related to 'code generation.'. (CVE-2009-1102)\n\n - Unspecified vulnerability in the Java Plug-in in Java SE\n Development Kit (JDK) and Java Runtime Environment (JRE)\n 5.0 Update 17 and earlier; 6 Update 12 and earlier;\n 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\n remote attackers to access files and execute arbitrary\n code via unknown vectors related to 'deserializing\n applets,' aka CR 6646860. (CVE-2009-1103)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 5.0 Update 17 and\n earlier; 6 Update 12 and earlier; and 1.4.2_19 and\n earlier does not prevent JavaScript that is loaded from\n the localhost from connecting to other ports on the\n system, which allows user-assisted attackers to bypass\n intended access restrictions via LiveConnect, aka CR\n 6724331. NOTE: this vulnerability can be leveraged with\n separate cross-site scripting (XSS) vulnerabilities for\n remote attack vectors. (CVE-2009-1104)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12, 11, and 10\n allows user-assisted remote attackers to cause a trusted\n applet to run in an older JRE version, which can be used\n to exploit vulnerabilities in that older version, aka CR\n 6706490. (CVE-2009-1105)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12, 11, and 10\n does not properly parse crossdomain.xml files, which\n allows remote attackers to bypass intended access\n restrictions and connect to arbitrary sites via unknown\n vectors, aka CR 6798948. (CVE-2009-1106)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12 and earlier,\n and 5.0 Update 17 and earlier, allows remote attackers\n to trick a user into trusting a signed applet via\n unknown vectors that misrepresent the security warning\n dialog, related to a 'Swing JLabel HTML parsing\n vulnerability,' aka CR 6782871. (CVE-2009-1107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1102.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1106.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 699.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:25", "description": "OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues.\n\nIt fixes at least: 4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA public keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP sockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal to the 'package.access' property in $JAVA_HOME/lib/security/java.security CVE-2008-5347 aka SUN SOLVE 246366 6721753 File.createTempFile produces guessable file names CVE-2008-5360 6726779 ConvolveOp on USHORT raster can cause the JVM crash. CVE-2008-5359 aka SUN SOLVE 244987 6733336 Crash on malformed font CVE-2008-5356 aka SUN SOLVE 244987 6733959 Insufficient checks for 'Main-Class' manifest entry in JAR files CVE-2008-5354 aka SUN SOLVE 244990 6734167 Calendar.readObject allows elevation of privileges CVE-2008-5353 6751322 Vulnerability report: Sun Java JRE TrueType Font Parsing Heap Overflow CVE-2008-5357 aka SUN SOLVE 244987 6755943 Java JAR Pack200 Decompression should enforce stricter header checks CVE-2008-5352 aka SUN SOLVE 244992 6766136 corrupted gif image may cause crash in java splashscreen library. CVE-2008-5358 aka SUN SOLVE 244987", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-OPENJDK-090303.NASL", "href": "https://www.tenable.com/plugins/nessus/40238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-578.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40238);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-578 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of\nsecurity issues.\n\nIt fixes at least: 4486841 UTF8 decoder should adhere to corrigendum\nto Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory\ninfo CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA\npublic keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP\nsockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal\nto the 'package.access' property in\n$JAVA_HOME/lib/security/java.security CVE-2008-5347 aka SUN SOLVE\n246366 6721753 File.createTempFile produces guessable file names\nCVE-2008-5360 6726779 ConvolveOp on USHORT raster can cause the JVM\ncrash. CVE-2008-5359 aka SUN SOLVE 244987 6733336 Crash on malformed\nfont CVE-2008-5356 aka SUN SOLVE 244987 6733959 Insufficient checks\nfor 'Main-Class' manifest entry in JAR files CVE-2008-5354 aka SUN\nSOLVE 244990 6734167 Calendar.readObject allows elevation of\nprivileges CVE-2008-5353 6751322 Vulnerability report: Sun Java JRE\nTrueType Font Parsing Heap Overflow CVE-2008-5357 aka SUN SOLVE 244987\n6755943 Java JAR Pack200 Decompression should enforce stricter header\nchecks CVE-2008-5352 aka SUN SOLVE 244992 6766136 corrupted gif image\nmay cause crash in java splashscreen library. CVE-2008-5358 aka SUN\nSOLVE 244987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471829\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-demo-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-devel-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-javadoc-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-plugin-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-src-1.4_b14-24.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:14", "description": "OpenJDK security patches applied.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-12-08T00:00:00", "type": "nessus", "title": "Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-10860.NASL", "href": "https://www.tenable.com/plugins/nessus/35046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10860.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35046);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32608);\n script_xref(name:\"FEDORA\", value:\"2008-10860\");\n\n script_name(english:\"Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK security patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472234\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abc8abb4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:40", "description": "OpenJDK security patches applied.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2008-10913.NASL", "href": "https://www.tenable.com/plugins/nessus/37147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10913.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37147);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_xref(name:\"FEDORA\", value:\"2008-10913\");\n\n script_name(english:\"Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK security patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472234\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017354.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8359641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"java-1.6.0-openjdk-1.6.0.0-7.b12.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:44", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR5 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1198.NASL", "href": "https://www.tenable.com/plugins/nessus/40747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1198. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40747);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:1198\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1198\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1198\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.5-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.5-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:29", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR9-SSU Java release. All running instances of IBM Java must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/40745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1038. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40745);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:1038\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1038\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1038\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.5.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:06", "description": "IBM Java 6 SR 5 was released fixing various bugs and critical security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing PNG images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)\n\n - A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) HTTP server implementation may allow a remote client to create a denial-of-service condition on a JAX-WS service endpoint that runs on the JRE. (CVE-2009-1101)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - The Java Plug-in allows a trusted applet to be launched on an earlier version of the Java Runtime Environment (JRE) provided the user that downloaded the applet allows it to run on the requested release. A vulnerability allows JavaScript code that is present in the same web page as the applet to exploit known vulnerabilities of the requested JRE. (CVE-2009-1105)\n\n - A vulnerability in the Java Runtime Environment with parsing crossdomain.xml files may allow an untrusted applet to connect to any site that provides a crossdomain.xml file instead of sites that allow the domain that the applet is running on. (CVE-2009-1106)\n\n - The Java Plugin displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-090629.NASL", "href": "https://www.tenable.com/plugins/nessus/41406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41406);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR 5 was released fixing various bugs and critical security\nissues :\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing PNG images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with storing temporary font files may allow an untrusted\n applet or application to consume a disproportionate\n amount of disk space resulting in a denial-of-service\n condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n HTTP server implementation may allow a remote client to\n create a denial-of-service condition on a JAX-WS service\n endpoint that runs on the JRE. (CVE-2009-1101)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - The Java Plug-in allows a trusted applet to be launched\n on an earlier version of the Java Runtime Environment\n (JRE) provided the user that downloaded the applet\n allows it to run on the requested release. A\n vulnerability allows JavaScript code that is present in\n the same web page as the applet to exploit known\n vulnerabilities of the requested JRE. (CVE-2009-1105)\n\n - A vulnerability in the Java Runtime Environment with\n parsing crossdomain.xml files may allow an untrusted\n applet to connect to any site that provides a\n crossdomain.xml file instead of sites that allow the\n domain that the applet is running on. (CVE-2009-1106)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=494536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=516361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1106.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1058.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0-124.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:58", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These are summarized in the 'Security Alerts' from IBM.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR3 Java release.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2009-0015.NASL", "href": "https://www.tenable.com/plugins/nessus/40737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0015. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40737);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32608, 32620);\n script_xref(name:\"RHSA\", value:\"2009:0015\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the 'Security Alerts' from IBM.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR3 Java release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://www-128.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/us-en/?ar=1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0015\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0015\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.3-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.3-1jpp.3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.3-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:41", "description": "It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. (CVE-2008-5347, CVE-2008-5350)\n\nIt was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. (CVE-2008-5348, CVE-2008-5349)\n\nIt was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possible leading to other exploits.\n(CVE-2008-5351)\n\nOverflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5352, CVE-2008-5354)\n\nIt was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges. (CVE-2008-5353)\n\nIt was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\n\nIt was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive information. (CVE-2008-5360).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-713-1.NASL", "href": "https://www.tenable.com/plugins/nessus/37381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-713-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37381);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32608);\n script_xref(name:\"USN\", value:\"713-1\");\n\n script_name(english:\"Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Java did not correctly handle untrusted\napplets. If a user were tricked into running a malicious applet, a\nremote attacker could gain user privileges, or list directory\ncontents. (CVE-2008-5347, CVE-2008-5350)\n\nIt was discovered that Kerberos authentication and RSA public key\nprocessing were not correctly handled in Java. A remote attacker could\nexploit these flaws to cause a denial of service. (CVE-2008-5348,\nCVE-2008-5349)\n\nIt was discovered that Java accepted UTF-8 encodings that might be\nhandled incorrectly by certain applications. A remote attacker could\nbypass string filters, possible leading to other exploits.\n(CVE-2008-5351)\n\nOverflows were discovered in Java JAR processing. If a user or\nautomated system were tricked into processing a malicious JAR file, a\nremote attacker could crash the application, leading to a denial of\nservice. (CVE-2008-5352, CVE-2008-5354)\n\nIt was discovered that Java calendar objects were not unserialized\nsafely. If a user or automated system were tricked into processing a\nspecially crafted calendar object, a remote attacker could execute\narbitrary code with user privileges. (CVE-2008-5353)\n\nIt was discovered that the Java image handling code could lead to\nmemory corruption. If a user or automated system were tricked into\nprocessing a specially crafted image, a remote attacker could crash\nthe application, leading to a denial of service. (CVE-2008-5358,\nCVE-2008-5359)\n\nIt was discovered that temporary files created by Java had predictable\nnames. If a user or automated system were tricked into processing a\nspecially crafted JAR file, a remote attacker could overwrite\nsensitive information. (CVE-2008-5360).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/713-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source-files\", pkgver:\"6b12-0ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-dbg / openjdk-6-demo / openjdk-6-doc / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:28:58", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :\n\n - A denial of service vulnerability affects the JRE LDAP implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)\n\n - A privilege escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a privilege escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affected the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)", "cvss3": {"score": null, "vector": null}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_254569_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64829);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(34240);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a runtime environment that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 /\n1.3.1_25. Such versions are potentially affected by the following\nsecurity issues :\n\n - A denial of service vulnerability affects the JRE LDAP\n implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP\n implementation may allow for arbitrary code to be run in\n the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow\n vulnerabilities when unpacking applets and Java Web\n Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities\n related to the storing and processing of temporary font\n files. (254608)\n\n - A privilege escalation vulnerability affects the Java\n Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded\n from the localhost to connect to arbitrary ports on the\n local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious\n JavaScript code to exploit vulnerabilities in earlier\n versions of the JRE that have been loaded by an applet\n located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing\n 'crossdomain.xml' allows an untrusted applet to connect\n to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to\n obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a\n privilege escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affected the JRE HTTP\n server implementation, which could be used to cause a\n denial of service on a JAX-WS service endpoint. (254609)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020224.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020225.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020226.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020228.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020229.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020230.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020231.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u13-142696.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18, SDK\n/ JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if necessary,\nany affected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-2])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-7])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-4]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_13 / 1.5.0_18 / 1.4.2_20 / 1.3.1_25\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:16:06", "description": "This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section.\n\nAll running instances of Sun Java must be restarted for the update to take effect.\n\nNote: jdk-1.6.0_13-fcs.x86_64.rpm could not be signed. All other rpm's are signed with the usual signature.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090326_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60555);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section.\n\nAll running instances of Sun Java must be restarted for the update to\ntake effect.\n\nNote: jdk-1.6.0_13-fcs.x86_64.rpm could not be signed. All other rpm's\nare signed with the usual signature.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=467\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94b61170\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-sun-compat and / or jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"java-1.6.0-sun-compat-1.6.0.13-1.sl4.jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"jdk-1.6.0_13-fcs\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-sun-compat-1.6.0.13-1.sl5.jpp\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jdk-1.6.0_13-fcs\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:34", "description": "Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0392.NASL", "href": "https://www.tenable.com/plugins/nessus/40741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0392. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40741);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:0392\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment\nand the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102,\nCVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues. All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0392\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:29", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0394.NASL", "href": "https://www.tenable.com/plugins/nessus/40742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0394. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40742);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:0394\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment\nand the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099,\nCVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues. All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0394\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:05:43", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :\n\n - A denial of service vulnerability affects the JRE LDAP implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)\n\n - A privilege-escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a privilege-escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affects the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2009-03-27T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_254569.NASL", "href": "https://www.tenable.com/plugins/nessus/36034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36034);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(34240);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 /\n1.3.1_25. Such versions are potentially affected by the following\nsecurity issues :\n\n - A denial of service vulnerability affects the JRE LDAP\n implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP\n implementation may allow for arbitrary code to be run in\n the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow\n vulnerabilities when unpacking applets and Java Web\n Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities\n related to the storing and processing of temporary font\n files. (254608)\n\n - A privilege-escalation vulnerability affects the Java\n Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded\n from the localhost to connect to arbitrary ports on the\n local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious\n JavaScript code to exploit vulnerabilities in earlier\n versions of the JRE that have been loaded by an applet\n located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing\n 'crossdomain.xml' allows an untrusted applet to connect\n to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to\n obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a\n privilege-escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affects the JRE HTTP\n server implementation, which could be used to cause a\n denial of service on a JAX-WS service endpoint. (254609)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020224.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020225.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020226.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020228.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020229.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020230.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020231.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u13-142696.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html\");\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2825206\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18,\nSDK / JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if\nnecessary, any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-2])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-7])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-4]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_13 / 1.5.0_18 / 1.4.2_20 / 1.3.1_25\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:38", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThis update corrects several security vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit, shipped as part of Red Hat Network Satellite Server. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.\n\nSeveral vulnerabilities were discovered in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359, CVE-2008-5360)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR9 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3103", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5359", "CVE-2008-5360"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2009-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/43843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0466. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43843);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3103\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_xref(name:\"RHSA\", value:\"2009:0466\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0466)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThis update corrects several security vulnerabilities in the IBM Java\n2 Runtime Environment and the IBM Java 2 Software Development Kit,\nshipped as part of Red Hat Network Satellite Server. In a typical\noperating environment, these are of low security risk as the runtime\nis not used on untrusted applets.\n\nSeveral vulnerabilities were discovered in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2008-3103, CVE-2008-5345,\nCVE-2008-5346, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350,\nCVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354,\nCVE-2008-5356, CVE-2008-5357, CVE-2008-5359, CVE-2008-5360)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://www-128.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/us-en/?ar=1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.5.0-ibm and / or java-1.5.0-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0466\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.4.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-devel\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:22", "description": "The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : IBM Java 5 JRE and IBM Java 5 SDK (YOU Patch Number 12422)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12422.NASL", "href": "https://www.tenable.com/plugins/nessus/41302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41302);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java 5 JRE and IBM Java 5 SDK (YOU Patch Number 12422)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with storing temporary font files may allow an untrusted\n applet or application to consume a disproportionate\n amount of disk space resulting in a denial-of-service\n condition. (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12422.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-JRE-1.5.0-0.64\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-SDK-1.5.0-0.64\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:06", "description": "The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues: CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition.\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed applets. A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 6253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6253.NASL", "href": "https://www.tenable.com/plugins/nessus/41528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41528);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 6253)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues: CVE-2009-1100: A vulnerability in\nthe Java Runtime Environment (JRE) with storing temporary font files\nmay allow an untrusted applet or application to consume a\ndisproportionate amount of disk space resulting in a denial-of-service\ncondition.\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6253.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-demo-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-src-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr9-2.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr9-2.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:51:11", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-090328.NASL", "href": "https://www.tenable.com/plugins/nessus/40236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-698.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40236);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)\");\n script_summary(english:\"Check for the java-1_5_0-sun-698 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T02:50:59", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_5_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/39998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-698.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39998);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)\");\n script_summary(english:\"Check for the java-1_5_0-sun-698 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-demo-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-07T15:23:35", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_5_0-SUN-6125.NASL", "href": "https://www.tenable.com/plugins/nessus/36070", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-6125.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36070);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)\");\n script_summary(english:\"Check for the java-1_5_0-sun-6125 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:04", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM(r) 1.6.0 Java(tm) release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR4 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0369)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5351", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0369.NASL", "href": "https://www.tenable.com/plugins/nessus/40739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0369. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40739);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\");\n script_bugtraq_id(32608, 32620, 32892);\n script_xref(name:\"RHSA\", value:\"2009:0369\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0369)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and Red Hat\nEnterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM(r) 1.6.0 Java(tm) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2008-5340, CVE-2008-5341,\nCVE-2008-5342, CVE-2008-5343, CVE-2008-5351, CVE-2008-5356,\nCVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5358\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0369\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0369\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.4-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.4-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:08:37", "description": "This update addresses the following security issues :\n\n - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n (CVE-2008-0598, Important)\n\n - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n - missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important)\n\n - the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important)\n\n - a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service.\n (CVE-2007-6063, Moderate)\n\n - multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n - a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n - the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n - mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n - lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware®.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL3.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20081216_KERNEL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60507", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60507);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following security issues :\n\n - Tavis Ormandy discovered a deficiency in the Linux\n kernel 32-bit and 64-bit emulation. This could allow a\n local, unprivileged user to prepare and run a specially\n crafted binary which would use this deficiency to leak\n uninitialized and potentially sensitive data.\n (CVE-2008-0598, Important)\n\n - a possible kernel memory leak was found in the Linux\n kernel Simple Internet Transition (SIT) INET6\n implementation. This could allow a local, unprivileged\n user to cause a denial of service. (CVE-2008-2136,\n Important)\n\n - missing capability checks were found in the SBNI WAN\n driver which could allow a local user to bypass intended\n capability restrictions. (CVE-2008-3525, Important)\n\n - the do_truncate() and generic_file_splice_write()\n functions did not clear the setuid and setgid bits. This\n could allow a local, unprivileged user to obtain access\n to privileged information. (CVE-2008-4210, Important)\n\n - a buffer overflow flaw was found in Integrated Services\n Digital Network (ISDN) subsystem. A local, unprivileged\n user could use this flaw to cause a denial of service.\n (CVE-2007-6063, Moderate)\n\n - multiple NULL pointer dereferences were found in various\n Linux kernel network drivers. These drivers were missing\n checks for terminal validity, which could allow\n privilege escalation. (CVE-2008-2812, Moderate)\n\n - a deficiency was found in the Linux kernel virtual\n filesystem (VFS) implementation. This could allow a\n local, unprivileged user to attempt file creation within\n deleted directories, possibly causing a denial of\n service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n - the incorrect kunmap function was used in\n nfs_xdr_readlinkres. kunmap() was used where\n kunmap_atomic() should have been. As a consequence, if\n an NFSv2 or NFSv3 server exported a volume containing a\n symlink which included a path equal to or longer than\n the local system's PATH_MAX, accessing the link caused a\n kernel oops. This has been corrected in this update.\n\n - mptctl_gettargetinfo did not check if pIoc3 was NULL\n before using it as a pointer. This caused a kernel panic\n in mptctl_gettargetinfo in some circumstances. A check\n has been added which prevents this.\n\n - lost tick compensation code in the timer interrupt\n routine triggered without apparent cause. When running\n as a fully-virtualized client, this spurious triggering\n caused the 64-bit version of Red Hat Enterprise Linux 3\n to present highly inaccurate times. With this update the\n lost tick compensation code is turned off when the\n operating system is running as a fully-virtualized\n client under Xen or VMware®.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0812&L=scientific-linux-errata&T=0&P=1505\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6f8ef2e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"kernel-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-doc-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-source-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"kernel-unsupported-2.4.21-58.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-16T14:32:26", "description": "Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.", "cvss3": {"score": null, "vector": null}, "published": "2008-12-17T00:00:00", "type": "nessus", "title": "RHEL 3 : kernel (RHSA-2008:0973)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-BOOT", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported", "p-cpe:/a:redhat:enterprise_linux:kernel-source", "p-cpe:/a:redhat:enterprise_linux:kernel-unsupported", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2008-0973.NASL", "href": "https://www.tenable.com/plugins/nessus/35190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0973. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35190);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);\n script_xref(name:\"RHSA\", value:\"2008:0973\");\n\n script_name(english:\"RHEL 3 : kernel (RHSA-2008:0973)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to\nprepare and run a specially crafted binary which would use this\ndeficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2008-2136,\nImportant)\n\n* missing capability checks were found in the SBNI WAN driver which\ncould allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not\nclear the setuid and setgid bits. This could allow a local,\nunprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux\nkernel network drivers. These drivers were missing checks for terminal\nvalidity, which could allow privilege escalation. (CVE-2008-2812,\nModerate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt\nfile creation within deleted directories, possibly causing a denial of\nservice. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a\nconsequence, if an NFSv2 or NFSv3 server exported a volume containing\na symlink which included a path equal to or longer than the local\nsystem's PATH_MAX, accessing the link caused a kernel oops. This has\nbeen corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it\nas a pointer. This caused a kernel panic in mptctl_gettargetinfo in\nsome circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client,\nthis spurious triggering caused the 64-bit version of Red Hat\nEnterprise Linux 3 to present highly inaccurate times. With this\nupdate the lost tick compensation code is turned off when the\noperating system is running as a fully-virtualized client under Xen or\nVMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated\nkernel which addresses these vulnerabilities and fixes these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0973\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2008:0973\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0973\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-doc-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-hugemem-unsupported-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i686\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-source-2.4.21-58.EL\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"kernel-unsupported-2.4.21-58.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-25T17:01:12", "description": "From Red Hat Security Advisory 2008:0973 :\n\nUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : kernel (ELSA-2008-0973)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-08-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-BOOT", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-hugemem-unsupported", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-smp-unsupported", "p-cpe:/a:oracle:linux:kernel-source", "p-cpe:/a:oracle:linux:kernel-unsupported", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2008-0973.NASL", "href": "https://www.tenable.com/plugins/nessus/67763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0973 and \n# Oracle Linux Security Advisory ELSA-2008-0973 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67763);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);\n script_xref(name:\"RHSA\", value:\"2008:0973\");\n\n script_name(english:\"Oracle Linux 3 : kernel (ELSA-2008-0973)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0973 :\n\nUpdated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to\nprepare and run a specially crafted binary which would use this\ndeficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2008-2136,\nImportant)\n\n* missing capability checks were found in the SBNI WAN driver which\ncould allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not\nclear the setuid and setgid bits. This could allow a local,\nunprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux\nkernel network drivers. These drivers were missing checks for terminal\nvalidity, which could allow privilege escalation. (CVE-2008-2812,\nModerate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt\nfile creation within deleted directories, possibly causing a denial of\nservice. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a\nconsequence, if an NFSv2 or NFSv3 server exported a volume containing\na symlink which included a path equal to or longer than the local\nsystem's PATH_MAX, accessing the link caused a kernel oops. This has\nbeen corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it\nas a pointer. This caused a kernel panic in mptctl_gettargetinfo in\nsome circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client,\nthis spurious triggering caused the 64-bit version of Red Hat\nEnterprise Linux 3 to present highly inaccurate times. With this\nupdate the lost tick compensation code is turned off when the\noperating system is running as a fully-virtualized client under Xen or\nVMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated\nkernel which addresses these vulnerabilities and fixes these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-December/000840.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2008-0973\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.4\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-BOOT-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-doc-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-doc-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-doc-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-doc-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-hugemem-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-hugemem-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-smp-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-source-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-source-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-source-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-source-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"kernel-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\nif (rpm_exists(release:\"EL3\", rpm:\"kernel-unsupported-2.4.21\") && rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"kernel-unsupported-2.4.21-58.0.0.0.1.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-16T14:32:33", "description": "Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important)\n\n* missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system's PATH_MAX, accessing the link caused a kernel oops. This has been corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a pointer. This caused a kernel panic in mptctl_gettargetinfo in some circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered without apparent cause. When running as a fully-virtualized client, this spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3 to present highly inaccurate times. With this update the lost tick compensation code is turned off when the operating system is running as a fully-virtualized client under Xen or VMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated kernel which addresses these vulnerabilities and fixes these bugs.", "cvss3": {"score": null, "vector": null}, "published": "2008-12-17T00:00:00", "type": "nessus", "title": "CentOS 3 : kernel (CESA-2008:0973)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-BOOT", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-hugemem-unsupported", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-smp-unsupported", "p-cpe:/a:centos:centos:kernel-source", "p-cpe:/a:centos:centos:kernel-unsupported", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2008-0973.NASL", "href": "https://www.tenable.com/plugins/nessus/35186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0973 and \n# CentOS Errata and Security Advisory 2008:0973 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35186);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\");\n script_bugtraq_id(26605, 29235, 29942, 30076, 30647, 31368);\n script_xref(name:\"RHSA\", value:\"2008:0973\");\n\n script_name(english:\"CentOS 3 : kernel (CESA-2008:0973)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that resolve several security issues and fix\nvarious bugs are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update addresses the following security issues :\n\n* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and\n64-bit emulation. This could allow a local, unprivileged user to\nprepare and run a specially crafted binary which would use this\ndeficiency to leak uninitialized and potentially sensitive data.\n(CVE-2008-0598, Important)\n\n* a possible kernel memory leak was found in the Linux kernel Simple\nInternet Transition (SIT) INET6 implementation. This could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2008-2136,\nImportant)\n\n* missing capability checks were found in the SBNI WAN driver which\ncould allow a local user to bypass intended capability restrictions.\n(CVE-2008-3525, Important)\n\n* the do_truncate() and generic_file_splice_write() functions did not\nclear the setuid and setgid bits. This could allow a local,\nunprivileged user to obtain access to privileged information.\n(CVE-2008-4210, Important)\n\n* a buffer overflow flaw was found in Integrated Services Digital\nNetwork (ISDN) subsystem. A local, unprivileged user could use this\nflaw to cause a denial of service. (CVE-2007-6063, Moderate)\n\n* multiple NULL pointer dereferences were found in various Linux\nkernel network drivers. These drivers were missing checks for terminal\nvalidity, which could allow privilege escalation. (CVE-2008-2812,\nModerate)\n\n* a deficiency was found in the Linux kernel virtual filesystem (VFS)\nimplementation. This could allow a local, unprivileged user to attempt\nfile creation within deleted directories, possibly causing a denial of\nservice. (CVE-2008-3275, Moderate)\n\nThis update also fixes the following bugs :\n\n* the incorrect kunmap function was used in nfs_xdr_readlinkres.\nkunmap() was used where kunmap_atomic() should have been. As a\nconsequence, if an NFSv2 or NFSv3 server exported a volume containing\na symlink which included a path equal to or longer than the local\nsystem's PATH_MAX, accessing the link caused a kernel oops. This has\nbeen corrected in this update.\n\n* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it\nas a pointer. This caused a kernel panic in mptctl_gettargetinfo in\nsome circumstances. A check has been added which prevents this.\n\n* lost tick compensation code in the timer interrupt routine triggered\nwithout apparent cause. When running as a fully-virtualized client,\nthis spurious triggering caused the 64-bit version of Red Hat\nEnterprise Linux 3 to present highly inaccurate times. With this\nupdate the lost tick compensation code is turned off when the\noperating system is running as a fully-virtualized client under Xen or\nVMware(r).\n\nAll Red Hat Enterprise Linux 3 users should install this updated\nkernel which addresses these vulnerabilities and fixes these bugs.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-December/015501.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d254e94\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-December/015502.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e5400ed\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015578.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20f73922\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-BOOT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-unsupported\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-BOOT-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-doc-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-hugemem-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"kernel-smp-unsupported-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-source-2.4.21-58.EL\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"kernel-unsupported-2.4.21-58.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:06:28", "description": "This update brings the IBM Java 6 JDK and JRE to Service Release 4. It fixes lots of bugs and various security issues :\n\n - A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the 'shortest' form. This behavior is not a vulnerability in Java SE. However, it may be leveraged to exploit systems running software that relies on the JRE UTF-8 decoder to reject non-shortest form sequences. For example, non-shortest form sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5358)\n\n - A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application. (CVE-2008-5342)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5351", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-090405.NASL", "href": "https://www.tenable.com/plugins/nessus/41405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41405);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5351\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 736)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the IBM Java 6 JDK and JRE to Service Release 4. It\nfixes lots of bugs and various security issues :\n\n - A vulnerability in the Java Runtime Environment may\n allow an untrusted Java Web Start application to\n determine the location of the Java Web Start cache and\n the username of the user running the Java Web Start\n application. (CVE-2008-5341)\n\n - A vulnerability in the Java Runtime Environment with\n launching Java Web Start applications may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2008-5340)\n\n - The UTF-8 (Unicode Transformation Format-8) decoder in\n the Java Runtime Environment (JRE) accepts encodings\n that are longer than the 'shortest' form. This behavior\n is not a vulnerability in Java SE. However, it may be\n leveraged to exploit systems running software that\n relies on the JRE UTF-8 decoder to reject non-shortest\n form sequences. For example, non-shortest form sequences\n may be decoded into illegal URIs, which may then allow\n files that are not otherwise accessible to be read, if\n the URIs are not checked following UTF-8 decoding.\n (CVE-2008-5351)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5356)\n\n - A buffer vulnerability in the Java Runtime Environment\n (JRE) with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5357)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2008-5358)\n\n - A security vulnerability in the the Java Web Start\n BasicService allows untrusted applications that are\n downloaded from another system to request local files to\n be displayed by the browser of the user running the\n untrusted application. (CVE-2008-5342)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=489052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5340.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5341.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5358.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 736.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0-124.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0-124.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-07T15:21:53", "description": "It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service.\n(CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service.\n(CVE-2009-1101)\n\nThe Java Runtime Environment did not correctly validate certain generated code. If a user were tricked into running a malicious applet a remote attacker could execute arbitrary code. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1097, CVE-2009-1098).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-748-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-748-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36366);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34240);\n script_xref(name:\"USN\", value:\"748-1\");\n\n script_name(english:\"Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that font creation could leak temporary files. If a\nuser were tricked into loading a malicious program or applet, a remote\nattacker could consume disk space, leading to a denial of service.\n(CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly\nclose files on dataless connections. A remote attacker could send\nspecially crafted requests, leading to a denial of service.\n(CVE-2009-1101)\n\nThe Java Runtime Environment did not correctly validate certain\ngenerated code. If a user were tricked into running a malicious applet\na remote attacker could execute arbitrary code. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly. A\nremote attacker could send specially crafted requests, leading to a\ndenial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A\nremote attacker could send specially crafted requests that could lead\nto arbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or\nautomated system were tricked into processing a malicious JAR file, a\nremote attacker could crash the application, leading to a denial of\nservice. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to\nmemory corruption. If a user or automated system were tricked into\nprocessing a specially crafted image, a remote attacker could crash\nthe application, leading to a denial of service. (CVE-2009-1097,\nCVE-2009-1098).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/748-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source-files\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-dbg / openjdk-6-demo / openjdk-6-doc / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:58", "description": "s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0898", "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40374.NASL", "href": "https://www.tenable.com/plugins/nessus/43142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40374. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43142);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-0898\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02000725\");\n script_xref(name:\"HP\", value:\"SSRT090049\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\n\n - Potential security vulnerabilities have been identified\n with the Java Runtime Environment (JRE) and Java\n Developer Kit (JDK) delivered with HP OpenView Network\n Node Manager (OV NNM). These vulnerabilities may allow\n remote unauthorized access, privilege escalation,\n execution of arbitrary code, and creation of a Denial of\n Service (DoS) . (HPSBMA02486 SSRT090049)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72ecd727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40374 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11 11.23 11.31\", proc:\"parisc\"))\n{\n exit(0, \"The host is not affected since PHSS_40374 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_40374\", \"PHSS_40707\", \"PHSS_41242\", \"PHSS_41606\", \"PHSS_41857\", \"PHSS_42232\", \"PHSS_43046\", \"PHSS_43353\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVSNMP-MIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVWIN-MAN\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:45", "description": "s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)\n\n - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0898", "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848", "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178", "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_40375.NASL", "href": "https://www.tenable.com/plugins/nessus/43143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_40375. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43143);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-0898\", \"CVE-2009-3845\", \"CVE-2009-3846\", \"CVE-2009-3847\", \"CVE-2009-3848\", \"CVE-2009-3849\", \"CVE-2009-4176\", \"CVE-2009-4177\", \"CVE-2009-4178\", \"CVE-2009-4179\", \"CVE-2009-4180\", \"CVE-2009-4181\");\n script_xref(name:\"HP\", value:\"emr_na-c01950877\");\n script_xref(name:\"HP\", value:\"emr_na-c02000725\");\n script_xref(name:\"HP\", value:\"SSRT090049\");\n script_xref(name:\"HP\", value:\"SSRT090257\");\n\n script_name(english:\"HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25 : \n\nThe remote HP-UX host is affected by multiple vulnerabilities :\n\n - Potential security vulnerabilities have been identified\n with the Java Runtime Environment (JRE) and Java\n Developer Kit (JDK) delivered with HP OpenView Network\n Node Manager (OV NNM). These vulnerabilities may allow\n remote unauthorized access, privilege escalation,\n execution of arbitrary code, and creation of a Denial of\n Service (DoS) . (HPSBMA02486 SSRT090049)\n\n - Potential security vulnerabilities have been identified\n with HP OpenView Network Node Manager (OV NNM). These\n vulnerabilities could be exploited remotely to execute\n arbitrary code. References: CVE-2009-0898 (SSRT090101)\n CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846\n (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,\n ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)\n CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176\n (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,\n ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)\n CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180\n (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,\n ZDI-CAN-549). (HPSBMA02483 SSRT090257)\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?422f4693\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72ecd727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_40375 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/26\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23 11.31\", proc:\"ia64\"))\n{\n exit(0, \"The host is not affected since PHSS_40375 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_40375\", \"PHSS_40708\", \"PHSS_41243\", \"PHSS_41607\", \"PHSS_41858\", \"PHSS_42233\", \"PHSS_43047\", \"PHSS_43354\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-IPV6\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-DOC-REUS\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVPMD-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVSNMP-MIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVWIN-MAN\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-30T20:14:51", "description": "The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 8. \n\nThe remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. If an attacker can lure a user on the affected host into visiting a specially crafted web page with a malicious Java applet, he could leverage these issues to execute arbitrary code subject to the user's privileges.", "cvss3": {"score": null, "vector": null}, "published": "2009-02-13T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.4 Release 8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343"], "modified": "2022-06-29T00:00:00", "cpe": [], "id": "MACOSX_JAVA_REL8.NASL", "href": "https://www.tenable.com/plugins/nessus/35685", "sourceData": "#TRUSTED 7bbdb129f65fe7312e56bf68de8259053d36fb92836d26347bb16c87fe2fa6b5b136b097abfdbb5ee29ff16b4123f69b59f6492ca6c169d2129aae29015454d8e0b1b3bfd02950f079e2ae5174c64aa4a975c4dce478c1010bb4ec8bf48963fdc360322830ebdd72360441eaed576360dd9e572d3022d1f0d77fab9539083582cfe5f187b391f00fefe39158fcffca3bc11505f56a5e6e91af738ce8cb0cf326ce42cd02f257d91fd74ea9dae791b95442fd4f8c761d0e4483ab0bf18a0d0b5394f9e1b84cc70f2af916614694cc1c9f24e6b3c034d9dd71a48c4cdbb79f4d874950e5bc043deb40cdef53b118c9a35d96bdb2bc2921abdbe61b2b04ff32e96f63017f8c4d3f44db27579b53970058b60d152ba1cae193175f6ad92ecf32e7311d1c416802e287b008f3c5cc8c02f48972636bb3ea11e240698501ed9f91bbae3724015fe260491548e5dd599fd7473e43f415ea42a5505a05f9e2664a24f460037f61bdbad95d3e0a6030a68df80b6f889d211ce1abddc4ec70e7ed63029427cee023a4282baf0ae99bf548f17cc31a8891358239dfbc90dbea0aa914177e8ea698d61a0a87c11ef27f61608bdf932c8323be70461042cfff87e2805ecbac59a7ef45b1a5ab96013db5ae46216d213010305f8f319c4c21be98bf16fce53f8e6d1d1e4f3f3f1e279d5afe20008dad8bce72367c8262ca1413b55d4c5a3eee52\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35685);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5340\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\"\n );\n script_bugtraq_id(32892);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.4 Release 8\");\n script_summary(english:\"Check for Java Release 8 on Mac OS X 10.4\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.4 host is running a version of Java for Mac OS X\nolder than release 8. \n\nThe remote version of this software contains several security\nvulnerabilities in Java Web Start and the Java Plug-in. For instance,\nthey may allow untrusted Java Web Start applications and untrusted Java\napplets to obtain elevated privileges. If an attacker can lure a user\non the affected host into visiting a specially crafted web page with a\nmalicious Java applet, he could leverage these issues to execute\narbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT3436\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Java for Mac OS X 10.4 release 8.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.4.11 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 8\\.11\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 11.8.2.\n if (\n ver[0] < 11 ||\n (\n ver[0] == 11 &&\n (\n ver[1] < 8 ||\n (ver[1] == 8 && ver[2] < 2)\n )\n )\n ) security_hole(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-30T20:14:44", "description": "The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 3. \n\nThe remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. If an attacker can lure a user on the affected host into visiting a specially crafted web page with a malicious Java applet, he could leverage these issues to execute arbitrary code subject to the user's privileges.", "cvss3": {"score": null, "vector": null}, "published": "2009-02-13T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.5 Update 3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-5340", "CVE-2008-5342", "CVE-2008-5343"], "modified": "2022-06-29T00:00:00", "cpe": [], "id": "MACOSX_JAVA_10_5_UPDATE3.NASL", "href": "https://www.tenable.com/plugins/nessus/35686", "sourceData": "#TRUSTED 16c76e2f158bfbe90f31a22258adc90c4e925002840ae6e024d80c00d00fd1f69361591820c9a8aac63455ad873303cf9d537267096818cd3ad97d56eccb7bd6580ce3b657830f71797f815d175abebae2c881cebe9114f896eaf5e63877fc9b5b70f56c5f1926bec38d338f1708b2660a942e1a977df558f9494e6e74ab93f8bf21e797b5c0eca06ffe67c0008ee25ea4e0238de0362253a52a8cec31d03af7fccc74bed9a01abdef4305407a360bd262cdc48c7305641b133ba7e2d081d8e6ed51bb55d43cb9a5d9531cdad7cd2ad2431f99d9a83cd48e838aab2988ec97a2261d0de76515a34a564bf85a42a98e92aab5f5135d02179dc1feb4f160a3303599691246842e87e62c4edadd782fe0b3de09b665f18c8745cbabc1907f989d58fe6c9de030d5d4ffd3c743ddff986395fed3ab70f2b24f5c193a9c1a3bae01d2577a21cf8f7d5ebe94ffff00724bc7ce7c39256f591b0613a1863e2f98865c58cd4db129897b06d529c2b4714bf9bf30120f6c28467b7bfbc9860866029311105c5cb1752fe824e270ec94196a3c2cc7899dc061d7323141f2b253abf5c9aff1c9c8474e76e3d4c503dd3ad81957092a25afdeadd78b856c16414753398f95daacd65ef1535207459a00db01cae450bc92de786bb19718e3c8509a80654a8fbd53079ef72a4e9b10e873a7d24f473c35b20e0aea49f2ee0fbfbf7b3ddee43b83\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35686);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5340\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\"\n );\n script_bugtraq_id(32892);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.5 Update 3\");\n script_summary(english:\"Checks for Java Update 3 on Mac OS X 10.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\"\nThe remote Mac OS X 10.5 host is running a version of Java for Mac OS X\nthat is missing Update 3. \n\nThe remote version of this software contains several security\nvulnerabilities in Java Web Start and the Java Plug-in. For instance,\nthey may allow untrusted Java Web Start applications and untrusted Java\napplets to obtain elevated privileges. If an attacker can lure a user\non the affected host into visiting a specially crafted web page with a\nmalicious Java applet, he could leverage these issues to execute\narbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT3437\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Java for Mac OS X 10.5 Update 3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.5 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 9\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 12.2.2.\n if (\n ver[0] < 12 ||\n (\n ver[0] == 12 &&\n (\n ver[1] < 2 ||\n (ver[1] == 2 && ver[2] < 2)\n )\n )\n ) security_hole(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T01:01:28", "description": "JavaSE 6: update 71 patch (equivalent to JDK 6u71), 64bit.\nDate this patch was last updated by Sun : Jan/14/14", "cvss3": {"score": null, "vector": null}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 125137-71", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1101", "CVE-2009-1106"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:125137", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_125137-71.NASL", "href": "https://www.tenable.com/plugins/nessus/107417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107417);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1101\", \"CVE-2009-1106\");\n\n script_name(english:\"Solaris 10 (sparc) : 125137-71\");\n script_summary(english:\"Check for patch 125137-71\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125137-71\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6: update 71 patch (equivalent to JDK 6u71), 64bit.\nDate this patch was last updated by Sun : Jan/14/14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125137-71\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 125137-71 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1095\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125137\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125137-71\", obsoleted_by:\"152077-05 152920-01 \", package:\"SUNWj6dmx\", version:\"1.6.0,REV=2006.11.29.04.58\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125137-71\", obsoleted_by:\"152077-05 152920-01 \", package:\"SUNWj6dvx\", version:\"1.6.0,REV=2006.11.29.04.58\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125137-71\", obsoleted_by:\"152077-05 152920-01 \", package:\"SUNWj6rtx\", version:\"1.6.0,REV=2006.11.29.04.58\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWj6dmx / SUNWj6dvx / SUNWj6rtx\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T01:02:59", "description": "JavaSE 6: update 75 patch (equivalent to JDK 6u75), 64bit.\nDate this patch was last updated by Sun : Apr/14/14", "cvss3": {"score": null, "vector": null}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 125137-75", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1101", "CVE-2009-1106"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:125137", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_125137-75.NASL", "href": "https://www.tenable.com/plugins/nessus/107418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107418);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1101\", \"CVE-2009-1106\");\n\n script_name(english:\"Solaris 10 (sparc) : 125137-75\");\n script_summary(english:\"Check for patch 125137-75\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125137-75\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6: update 75 patch (equivalent to JDK 6u75), 64bit.\nDate this patch was last updated by Sun : Apr/14/14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125137-75\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 125137-75 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1095\");\n script_cwe_id(20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125137\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125137-75\", obsoleted_by:\"152077-05 152920-01 \", package:\"SUNWj6dmx\", version:\"1.6.0,REV=2006.11.29.04.58\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125137-75\", obsoleted_by:\"152077-05 152920-01 \", package:\"SUNWj6dvx\", version:\"1.6.0,REV=2006.11.29.04.58\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125137-75\", obsoleted_by:\"152077-05 152920-01 \", package:\"SUNWj6rtx\", version:\"1.6.0,REV=2006.11.29.04.58\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWj6dmx / SUNWj6dvx / SUNWj6rtx\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:21:51", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/43736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0377 and \n# CentOS Errata and Security Advisory 2009:0377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43736);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can