Lucene search
Copyright (c) 2013 Greenbone Networks GmbHOPENVAS:881557HistoryJan 21, 2013 - 12:00 a.m.
CentOS Update for java CESA-2013:0165 centos5
2013-01-2100:00:00
Copyright (c) 2013 Greenbone Networks GmbH
plugins.openvas.org
19
0.974 High
EPSS
Percentile
99.9%
Check for the Version of java
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for java CESA-2013:0165 centos5
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Two improper permission check issues were discovered in the reflection API
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)
This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.";
tag_affected = "java on CentOS 5";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2013-January/019203.html");
script_id(881557);
script_version("$Revision: 8526 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $");
script_tag(name:"creation_date", value:"2013-01-21 09:37:56 +0530 (Mon, 21 Jan 2013)");
script_cve_id("CVE-2012-3174", "CVE-2013-0422");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "CESA", value: "2013:0165");
script_name("CentOS Update for java CESA-2013:0165 centos5 ");
script_tag(name: "summary" , value: "Check for the Version of java");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk", rpm:"java-1.7.0-openjdk~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-demo", rpm:"java-1.7.0-openjdk-demo~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-devel", rpm:"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-javadoc", rpm:"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"java-1.7.0-openjdk-src", rpm:"java-1.7.0-openjdk-src~1.7.0.9~2.3.4.el5_9.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
prion
prion
Design/Logic Flaw
2013-01-14 22:55:00
Design/Logic Flaw
2013-01-10 21:55:00
nessus
nessus
Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16 (2013-0888)
2013-01-17 00:00:00
Ubuntu 12.10 : openjdk-7 vulnerabilities (USN-1693-1)
2013-01-17 00:00:00
Oracle Java SE 7 <= Update 10 Remote Code Execution
2012-01-10 00:00:00
openvas
openvas
RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01
2013-01-21 00:00:00
Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853
2013-01-21 00:00:00
Ubuntu Update for openjdk-7 USN-1693-1
2013-01-21 00:00:00
cve
cve
CVE-2012-3174
2013-01-14 22:55:00
CVE-2013-0422
2013-01-10 21:55:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18
2013-01-16 19:35:17
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17
2013-01-16 19:42:39
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16
2013-01-16 19:49:12
suse
suse
java-1_7_0-openjdk: update to icedtea-2.3.4 (critical)
2013-01-25 14:04:23
Security update for Java (important)
2013-03-13 00:05:30
ubuntucve
ubuntucve
CVE-2012-3174
2013-01-14 00:00:00
CVE-2013-0422
2013-01-10 00:00:00
redhat
redhat
(RHSA-2013:0156) Critical: java-1.7.0-oracle security update
2013-01-14 00:00:00
(RHSA-2013:0165) Important: java-1.7.0-openjdk security update
2013-01-16 00:00:00
(RHSA-2013:0626) Critical: java-1.7.0-ibm security update
2013-03-11 00:00:00
zdi
zdi
seebug
seebug
Oracle Java 7 JmxMBeanServer็ฑป่ฟ็จไปฃ็ ๆง่กๆผๆด
2013-01-14 00:00:00
Java Applet JMX Remote Code Execution
2014-07-01 00:00:00
cert
cert
Java 7 fails to restrict access to privileged code
2013-01-10 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-01-16 00:00:00
centos
centos
java security update
2013-01-16 20:29:20
attackerkb
attackerkb
CVE-2013-0422
2013-01-10 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2013-02-03 12:35:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
0-day vulnerability in Oracle Java is used to install maliscious software
2013-01-21 00:00:00
[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
2013-01-21 00:00:00
threatpost
threatpost
NBC Website Hacked, Leading Visitors to Citadel Banking Malware
2013-02-21 21:07:10
ADP-Themed Phishing Emails Lead to Blackhole Sites
2013-01-14 18:29:21
Emergency Zero-Day Patch Does Not Quiet Calls to Disable Java
2013-01-14 16:40:39
veracode
veracode
Authorization Bypass
2019-01-15 08:53:56
Sandbox Restrictions Bypass
2019-05-02 04:46:00
zdt
zdt
Java Applet JMX Remote Code Execution Vulnerability
2013-01-11 00:00:00
ibm
ibm
packetstorm
packetstorm
Java Applet JMX Remote Code Execution
2013-01-11 00:00:00
symantec
symantec
thn
thn
Oracle Patches Java Zero Day Vulnerability
2013-01-16 06:01:00
Oracle Patches Java Zero Day Vulnerability
2013-01-16 17:01:00
saint
saint
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape
2013-01-14 00:00:00
canvas
canvas
Immunity Canvas: JAVA_MBEANINSTANTIATOR_FINDCLASS
2013-01-10 21:55:00
cisa_kev
cisa_kev
Oracle JRE Remote Code Execution Vulnerability
2022-05-25 00:00:00
metasploit
metasploit
Java Applet JMX Remote Code Execution
2013-01-10 19:30:43
freebsd
freebsd
java 7.x -- security manager bypass
2013-01-10 00:00:00
fireeye
fireeye
securelist
securelist
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00