Lucene search
Copyright (c) 2013 Greenbone Networks GmbHOPENVAS:1361412562310881557HistoryJan 21, 2013 - 12:00 a.m.
CentOS Update for java CESA-2013:0165 centos5
2013-01-2100:00:00
Copyright (c) 2013 Greenbone Networks GmbH
plugins.openvas.org
11
0.974 High
EPSS
Percentile
99.9%
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for java CESA-2013:0165 centos5
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2013-January/019203.html");
script_oid("1.3.6.1.4.1.25623.1.0.881557");
script_version("$Revision: 14222 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2013-01-21 09:37:56 +0530 (Mon, 21 Jan 2013)");
script_cve_id("CVE-2012-3174", "CVE-2013-0422");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name:"CESA", value:"2013:0165");
script_name("CentOS Update for java CESA-2013:0165 centos5");
script_tag(name:"summary", value:"The remote host is missing an update for the 'java'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
script_tag(name:"affected", value:"java on CentOS 5");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"insight", value:"These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Two improper permission check issues were discovered in the reflection API
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk", rpm:"java-1.7.0-openjdk~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-demo", rpm:"java-1.7.0-openjdk-demo~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-devel", rpm:"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-javadoc", rpm:"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-src", rpm:"java-1.7.0-openjdk-src~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
nessus
nessus
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0156)
2013-01-15 00:00:00
CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0165)
2013-01-17 00:00:00
Oracle Java SE 7 < Update 11 Multiple Vulnerabilities
2013-01-14 00:00:00
openvas
openvas
Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)
2013-01-17 00:00:00
Oracle Linux Local Check: ELSA-2013-0165
2015-10-06 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18
2013-01-16 19:35:17
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17
2013-01-16 19:42:39
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16
2013-01-16 19:49:12
suse
suse
java-1_7_0-openjdk: update to icedtea-2.3.4 (critical)
2013-01-25 14:04:23
Security update for Java (important)
2013-03-13 00:05:30
ubuntucve
ubuntucve
CVE-2012-3174
2013-01-14 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
redhat
redhat
(RHSA-2013:0156) Critical: java-1.7.0-oracle security update
2013-01-14 00:00:00
(RHSA-2013:0165) Important: java-1.7.0-openjdk security update
2013-01-16 00:00:00
(RHSA-2013:0626) Critical: java-1.7.0-ibm security update
2013-03-11 00:00:00
zdi
zdi
prion
prion
Design/Logic Flaw
2013-01-14 22:55:00
Design/Logic Flaw
2013-01-10 21:55:00
seebug
seebug
Oracle Java 7 JmxMBeanServer็ฑป่ฟ็จไปฃ็ ๆง่กๆผๆด
2013-01-14 00:00:00
Java Applet JMX Remote Code Execution
2014-07-01 00:00:00
cert
cert
Java 7 fails to restrict access to privileged code
2013-01-10 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-01-16 00:00:00
centos
centos
java security update
2013-01-16 20:29:20
cve
cve
CVE-2012-3174
2013-01-14 22:55:00
CVE-2013-0422
2013-01-10 21:55:00
attackerkb
attackerkb
CVE-2013-0422
2013-01-10 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2013-02-03 12:35:00
zdt
zdt
Java Applet JMX Remote Code Execution Vulnerability
2013-01-11 00:00:00
ibm
ibm
packetstorm
packetstorm
Java Applet JMX Remote Code Execution
2013-01-11 00:00:00
symantec
symantec
veracode
veracode
Authorization Bypass
2019-01-15 08:53:56
Sandbox Restrictions Bypass
2019-05-02 04:46:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
0-day vulnerability in Oracle Java is used to install maliscious software
2013-01-21 00:00:00
[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
2013-01-21 00:00:00
threatpost
threatpost
NBC Website Hacked, Leading Visitors to Citadel Banking Malware
2013-02-21 21:07:10
ADP-Themed Phishing Emails Lead to Blackhole Sites
2013-01-14 18:29:21
Emergency Zero-Day Patch Does Not Quiet Calls to Disable Java
2013-01-14 16:40:39
thn
thn
Oracle Patches Java Zero Day Vulnerability
2013-01-16 06:01:00
Oracle Patches Java Zero Day Vulnerability
2013-01-16 17:01:00
saint
saint
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
metasploit
metasploit
Java Applet JMX Remote Code Execution
2013-01-10 19:30:43
canvas
canvas
Immunity Canvas: JAVA_MBEANINSTANTIATOR_FINDCLASS
2013-01-10 21:55:00
cisa_kev
cisa_kev
Oracle JRE Remote Code Execution Vulnerability
2022-05-25 00:00:00
exploitdb
exploitdb
Java Applet JMX - Remote Code Execution (Metasploit) (1)
2013-01-11 00:00:00
freebsd
freebsd
java 7.x -- security manager bypass
2013-01-10 00:00:00
fireeye
fireeye
securelist
securelist
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00