Lucene search
Copyright (C) 2009 E-Soft Inc.OPENVAS:136141256231066180HistoryNov 11, 2009 - 12:00 a.m.
RedHat Security Advisory RHSA-2009:1560
2009-11-1100:00:00
Copyright (C) 2009 E-Soft Inc.
plugins.openvas.org
15
6.7 Medium
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.945 High
EPSS
Percentile
99.2%
The remote host is missing updates announced in
advisory RHSA-2009:1560.
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the Advance notification of Security
Updates for Java SE page from Sun Microsystems, listed in the References
section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,
CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,
CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,
CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.66180");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)");
script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("RedHat Security Advisory RHSA-2009:1560");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_(4|5)");
script_tag(name:"solution", value:"Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date");
script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory RHSA-2009:1560.
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the Advance notification of Security
Updates for Java SE page from Sun Microsystems, listed in the References
section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,
CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,
CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,
CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://rhn.redhat.com/errata/RHSA-2009-1560.html");
script_xref(name:"URL", value:"http://www.redhat.com/security/updates/classification/#critical");
script_xref(name:"URL", value:"http://blogs.sun.com/security/entry/advance_notification_of_security_updates6");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"java-1.6.0-sun", rpm:"java-1.6.0-sun~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-demo", rpm:"java-1.6.0-sun-demo~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-devel", rpm:"java-1.6.0-sun-devel~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-jdbc", rpm:"java-1.6.0-sun-jdbc~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-plugin", rpm:"java-1.6.0-sun-plugin~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-src", rpm:"java-1.6.0-sun-src~1.6.0.17~1jpp.1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun", rpm:"java-1.6.0-sun~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-demo", rpm:"java-1.6.0-sun-demo~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-devel", rpm:"java-1.6.0-sun-devel~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-jdbc", rpm:"java-1.6.0-sun-jdbc~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-plugin", rpm:"java-1.6.0-sun-plugin~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"java-1.6.0-sun-src", rpm:"java-1.6.0-sun-src~1.6.0.17~1jpp.2.el5", rls:"RHENT_5")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
Related
redhat
redhat
(RHSA-2009:1560) Critical: java-1.6.0-sun security update
2009-11-09 00:00:00
(RHSA-2009:1571) Critical: java-1.5.0-sun security update
2009-11-10 00:00:00
(RHSA-2009:1584) Important: java-1.6.0-openjdk security update
2009-11-16 00:00:00
nessus
nessus
Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489)
2009-11-16 00:00:00
Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)
2013-02-22 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1560
2009-11-11 00:00:00
Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk)
2009-11-17 00:00:00
CentOS Update for java CESA-2009:1584 centos5 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2009-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11
2009-11-14 03:30:20
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12
2009-11-14 03:32:17
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
2009-11-14 03:33:25
centos
centos
java security update
2009-11-18 10:19:02
packetstorm
packetstorm
Netragard Security Advisory 2009-12-19
2009-12-30 00:00:00
Sun Java JRE AWT setDiffICM Buffer Overflow
2009-12-31 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2009-11-12 00:00:00
securityvulns
securityvulns
Sun Java multiple security vulnerabilities
2009-11-05 00:00:00
HP Network Node Manager i DoS
2011-09-20 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm
2010-01-12 17:47:21
remote code execution in java-1_6_0-sun
2009-11-19 17:02:05
remote code execution in java-1_5_0-ibm
2010-01-12 09:21:12
prion
prion
Code injection
2010-01-13 01:30:00
Code injection
2009-11-09 19:30:00
Design/Logic Flaw
2009-11-09 19:30:00
cve
cve
kaspersky
kaspersky
KLA10344 Multiple vulnerabilities in Sun Java SE
2009-11-05 00:00:00
vmware
vmware
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - January 2010
2010-01-12 00:00:00
ubuntucve
ubuntucve
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:44:24
Information Disclosure
2020-04-10 00:44:25
Arbitrary Code Execution
2020-04-10 00:40:36
saint
saint
Java Runtime Environment AWT setDiffICM buffer overflow
2009-11-27 00:00:00
Java Runtime Environment AWT setDiffICM buffer overflow
2009-11-27 00:00:00
Java Runtime Environment AWT setDiffICM buffer overflow
2009-11-27 00:00:00
zdi
zdi
Sun Java Web Start Arbitrary Command Execution Vulnerability
2009-11-04 00:00:00
Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
2009-11-04 00:00:00
Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
2009-11-04 00:00:00
seebug
seebug
Sun Java JRE AWT setDiffICM Buffer Overflow
2014-07-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Runtime AWT setDifflCM Stack Buffer Overflow (CVE-2009-3869)
2010-12-12 00:00:00
metasploit
metasploit
Sun Java JRE AWT setDiffICM Buffer Overflow
2009-12-17 04:52:40
Sun Java JRE getSoundbank file:// URI Buffer Overflow
2009-12-11 21:18:31
debiancve
debiancve
CVE-2009-2409
2009-07-30 19:30:00
f5
f5
K15663 : MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-23 00:00:00
canvas
canvas
Immunity Canvas: SUN_JAVA_HSBPARSER
2009-11-05 11:30:00
6.7 Medium
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.945 High
EPSS
Percentile
99.2%
Related for OPENVAS:136141256231066180