===========================================================
Ubuntu Security Notice USN-748-1 March 26, 2009
openjdk-6 vulnerabilities
CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1102
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  icedtea6-plugin 6b12-0ubuntu6.4
  openjdk-6-jdk 6b12-0ubuntu6.4
  openjdk-6-jre 6b12-0ubuntu6.4
  openjdk-6-jre-headless 6b12-0ubuntu6.4
  openjdk-6-jre-lib 6b12-0ubuntu6.4

After a standard system upgrade you need to restart any Java applications
to effect the necessary changes.
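
Added example, not part of the Ubuntu notice: a Python check that reads
`dpkg-query -W` output (one "package<TAB>version" pair per line) and reports
which of the packages listed above are still below 6b12-0ubuntu6.4, using
Debian version ordering. The sample listing is constructed, and the function
names are this example's own.

```python
"""Audit a dpkg listing against the fixed version named in USN-748-1."""

FIXED_VERSION = "6b12-0ubuntu6.4"  # fixed version stated in the notice
PACKAGES = (                       # package names stated in the notice
    "icedtea6-plugin",
    "openjdk-6-jdk",
    "openjdk-6-jre",
    "openjdk-6-jre-headless",
    "openjdk-6-jre-lib",
)
DIGITS = "0123456789"


def _order(ch):
    """Sort weight of one non-digit character in Debian version ordering."""
    if ch == "~":
        return -1                  # tilde sorts before everything, even the end
    if ch == "":
        return 0                   # end of string
    if ch.isalpha():
        return ord(ch)             # letters sort before other punctuation
    return ord(ch) + 256


def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Step 1: compare the leading non-digit runs character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ca = a[i] if i < len(a) and a[i] not in DIGITS else ""
            cb = b[j] if j < len(b) and b[j] not in DIGITS else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i += 1
            j += 1
        # Step 2: compare the following digit runs as integers.
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch, rest = 0, version
    if ":" in version:
        head, rest = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                    # no hyphen: the whole string is upstream
        upstream, revision = rest, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def audit(listing):
    """Map each package from the notice to (installed version or None, status)."""
    installed = {}
    for line in listing.splitlines():
        name, _, version = line.partition("\t")
        name = name.split(":")[0].strip()   # drop an architecture qualifier
        version = version.strip()           # empty means not currently installed
        if name in PACKAGES and version:
            installed[name] = version
    report = {}
    for name in PACKAGES:
        version = installed.get(name)
        if version is None:
            report[name] = (None, "not-installed")
        elif compare_versions(version, FIXED_VERSION) < 0:
            report[name] = (version, "vulnerable")
        else:
            report[name] = (version, "fixed")
    return report


# Constructed sample of `dpkg-query -W` output; not taken from a real host.
SAMPLE_LISTING = "\n".join([
    "icedtea6-plugin\t6b12-0ubuntu6.1",
    "openjdk-6-jdk\t6b12-0ubuntu6.4",
    "openjdk-6-jre\t6b12-0ubuntu6.4",
    "openjdk-6-jre-headless\t6b12-0ubuntu6",
    "openjdk-6-jre-lib\t",
    "bash\t3.2-4ubuntu1",
])

if __name__ == "__main__":
    for pkg, (ver, status) in audit(SAMPLE_LISTING).items():
        print(f"{pkg:26} {ver or '-':20} {status}")
```

A package reported as "fixed" still leaves running JVMs on the old code until
they are restarted, as the notice states.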

Details follow:

It was discovered that font creation could leak temporary files.
If a user were tricked into loading a malicious program or applet,
a remote attacker could consume disk space, leading to a denial of
service. (CVE-2006-2426, CVE-2009-1100)

It was discovered that the lightweight HttpServer did not correctly close
files on dataless connections. A remote attacker could send specially
crafted requests, leading to a denial of service. (CVE-2009-1101)

Certain 64-bit Java actions would crash an application. A local attacker
might be able to cause a denial of service. (CVE-2009-1102)

It was discovered that LDAP connections did not close correctly.
A remote attacker could send specially crafted requests, leading to a
denial of service. (CVE-2009-1093)

Java LDAP routines did not unserialize certain data correctly. A remote
attacker could send specially crafted requests that could lead to
arbitrary code execution. (CVE-2009-1094)

Java did not correctly check certain JAR headers. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2009-1095, CVE-2009-1096)

It was discovered that PNG and GIF decoding in Java could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)

Updated packages for Ubuntu 8.10:
Please review the Technical Support Policies for further guidelines regarding support policies and phases of support.\r\nOn Request Model for Oracle Database and Oracle Application Server\r\n\r\nOracle proactively creates patches only for platform/version combinations that, based on historical data, customers are likely to download for the next Critical Patch Update. We create patches for historically inactive platform/version combinations of the Oracle Database and Oracle Application Server only if requested by customers.\r\n\r\nAdditional details regarding the products, versions and platforms that will be supported for the next Critical Patch Update and the process for requesting On Request patches are available in the Critical Patch Update July 2009 Patch Availability Document for Oracle Products (My Oracle Support Note 835649.1).\r\nCredit Statement\r\nThe following people or organizations discovered and brought security vulnerabilities addressed by this Critical Patch Update to Oracle's attention: Anonymous of TippingPoint (3com); Esteban Martinez Fayo of Application Security, Inc.; Kowsik Guruswamy of Mu Security; Joxean Koret; Alexander Kornbrust of Red Database Security; David Litchfield of NGS Software; Oleg P. of HSC Security Portal; Alexandr Polyakov of Digital Security; noderat ratty; and Dennis Yurichev.\r\n\r\nSecurity-In-Depth Contributors\r\n\r\nOracle provides recognition to people that have contributed to our Security-In-Depth program (see FAQ). People are recognized for Security-In-Depth contributions if they provide information, observations or suggestions pertaining to security vulnerability issues that result in significant modification of Oracle code or documentation in future releases, but are not of such a critical nature that they are distributed in Critical Patch Updates.\r\n\r\nFor this Critical Patch Update, Oracle recognizes Pete Finnigan; Viatcheslav Kazakov of Borlas; Alexander Kornbrust of Red Database Security; Aaron C. 
Newman of Application Security, Inc.; and Guy Pilosof of Sentrigo for contributions to Oracle's Security-In-Depth program.\r\nCritical Patch Update Schedule\r\n\r\nCritical Patch Updates are released on the Tuesday closest to the 15th day of January, July, April and October. The next four dates are:\r\n\r\n * 13 October 2009\r\n * 12 January 2010\r\n * 13 April 2010\r\n * 13 July 2010\r\n\r\nReferences\r\n\r\n * Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]\r\n * Oracle PeopleSoft Security main page [ Oracle PeopleSoft/JDEdwards Support ]\r\n * Critical Patch Update - July 2009 Documentation Map [ My Oracle Support Note 841441.1 ]\r\n * Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [ CPU FAQ ] \r\n * Risk Matrix definitions [ Risk Matrix Definitions ]\r\n * Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]\r\n * List of public vulnerabilities fixed in Critical Patch Updates and Security Alerts [ Oracle Technology Network ]\r\n * Software Error Correction Support Policy [ My Oracle Support Note 209768.1 ]\r\n * Previous Security Advisories Notifications for BEA products [ BEA Security Advisories ]\r\n\r\nModification History\r\n\r\n2009-Jul-15 \tRev 2. Updated Versions for PeopleSoft products\r\n2009-Jul-14 \tRev 1. Initial Release\r\n\r\n\r\n\r\nAppendix- Oracle Database\r\n\r\nOracle Database Executive Summary\r\n# This Critical Patch Update contains 12 new security fixes for the Database products divided as follows: 10 new security fixes for the Oracle Database Server. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.\r\n# 2 new security fixes for Oracle Secure Backup. 
1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\nOracle Database Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1020 \tNetwork Foundation \tOracle Net \tNone \tNo \t9.0 \tNetwork \tLow \tSingle \tComplete \tComplete \tComplete \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7 \tSee Note 1\r\nCVE-2009-1019 \tNetwork Authentication \tOracle Net \tNone \tYes \t7.5 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tPartial+ \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7 \t \r\nCVE-2009-1963 \tNetwork Foundation \tOracle Net \tNone \tNo \t7.5 \tNetwork \tLow \tSingle \tNone \tPartial+ \tComplete \t11.1.0.6 \t \r\nCVE-2009-1021 \tAdvanced Replication \tOracle Net \tCreate Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3 \t \r\nCVE-2009-1966 (Oracle Enterprise Manager) \tConfig Management \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t11.1.0.7 \t \r\nCVE-2009-1967 (Oracle Enterprise Manager) \tConfig Management \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t11.1.0.7 \t \r\nCVE-2009-0987 \tUpgrade \tOracle Net \tCreate Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3 \t \r\nCVE-2009-1973 \tVirtual Private Database \tOracle Net \tAccess to tables with VPD policies \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t10.1.0.5, 10.2.0.4, 11.1.0.7 \t \r\nCVE-2009-1970 \tListener \tOracle Net \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone 
\tNone \tPartial+ \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7 \t \r\nCVE-2009-1968 \tSecure Enterprise Search \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.8.3 \t \r\nCVE-2009-1015 \tCore RDBMS \tOracle Net \tCreate Session \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial+ \tNone \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 \t \r\nCVE-2009-1969 \tAuditing \tOracle Net \tCreate Session \tNo \t2.1 \tNetwork \tHigh \tSingle \tPartial \tNone \tNone \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7 \t \r\n \r\n\r\nNotes:\r\n\r\n 1. The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial.\r\n\r\n\r\nOracle Secure Enterprise Search\r\n\r\nOracle Secure Enterprise Search 10g is a standalone product that enables searching across a corporation's enterprise information assets. Unless you installed the Oracle Secure Enterprise Search product, it will not be present on your system and no further action is required.\r\n\r\nThe security vulnerability listed in the risk matrix above is fixed in Oracle Secure Enterprise Search 10g, version 10.1.8.3. Customers on previous versions of Secure Enterprise Search should upgrade to version 10.1.8.3 or later. Instructions on upgrading Oracle Secure Enterprise Search can be found in the Online Documentation. This, and the software to install, is referenced from the Oracle Technology Network Secure Enterprise Search page.\r\n\r\nOracle Secure Backup Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? 
\tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1977 \tOracle Secure Backup \tHTTP \tNone \tYes \t10.0 \tNetwork \tLow \tNone \tComplete \tComplete \tComplete \t10.2.0.3 \tSee Note 1\r\nCVE-2009-1978 \tOracle Secure Backup \tHTTP \tValid Session \tNo \t9.0 \tNetwork \tLow \tSingle \tComplete \tComplete \tComplete \t10.2.0.3 \tSee Note 2\r\n \r\n\r\nNotes:\r\n\r\n 1. The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial.\r\n 2. The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial.\r\n\r\n\r\nOverview of Oracle Secure Backup\r\n\r\nOracle Secure Backup provides centralized tape backup management protecting distributed, heterogeneous file system data and the Oracle database with advanced features such as backup encryption, dynamic drive sharing and tape vaulting.\r\n\r\nUpgrading Oracle Secure Backup\r\n\r\nThe Oracle Secure Backup security vulnerabilities are fixed in version 10.2.0.3. All previous versions should be upgraded to version 10.2.0.3 or later. Instructions on upgrading and the software to install the latest version of Oracle Secure Backup can be found at:\r\nhttp://www.oracle.com/technology/software/products/securebackup/htdocs/secbackup.html.\r\n\r\n\r\nAppendix - Oracle Application Server\r\n\r\nOracle Application Server Executive Summary\r\n\r\nThis Critical Patch Update contains 2 new security fixes for the Oracle Application Server. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 
None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Application Server installed.\r\n\r\nOracle Application Server products that are bundled with the Oracle Database are affected by the vulnerabilities listed in the Oracle Database section. They are not discussed further in this section and are not listed in the Oracle Application Server risk matrix.\r\n\r\n\r\nOracle Application Server Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-0217 \tOracle Security Developer Tools \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tPartial \tNone \t10.1.2.3, 10.1.3.4, 10.1.4.3IM \tSee Note 1\r\nCVE-2009-1976 \tHTTP Server \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.2.3 \t \r\n \r\n\r\nNotes:\r\n\r\n 1. Web services component of Oracle Web Services Manager (OWSM) is also impacted by this vulnerability.\r\n\r\n\r\n\r\nAppendix - Oracle E-Business Suite and Applications\r\n\r\nOracle E-Business Suite and Applications Executive Summary\r\nThis Critical Patch Update contains 5 new security fixes for Oracle Applications. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Applications installed.\r\n\r\nOracle E-Business Suite products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Fusion Middleware sections. 
The exposure of Oracle E-Business Suite products is dependent on the Oracle Database and Fusion Middleware versions being used. Oracle Database and Fusion Middleware security fixes are not listed in the Oracle E-Business Suite risk matrix, but since vulnerabilities affecting these versions may affect Oracle E-Business Suite products, Oracle recommends that customers apply the July 2009 Critical Patch Update to the Oracle Database and Fusion Middleware components of Oracle E-Business Suite. Refer to Oracle E-Business Suite Critical Patch Update for July 2009 Note 836258.1 for detailed information.\r\n\r\n\r\nOracle E-Business Suite Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1980 \tOracle Application Object Library \tHTTP \tNone \tNo \t6.0 \tNetwork \tMedium \tSingle \tPartial+ \tPartial \tPartial \t11.5.10.2, 12.0.6, 12.1 \t \r\nCVE-2009-1984 \tApplication Install \tLocal \tPatch Administrator \tNo \t4.4 \tLocal \tMedium \tNone \tPartial+ \tPartial+ \tPartial+ \t11.5.10.2, 12.0.6, 12.1 \t \r\nCVE-2009-1982 \tOracle Applications Framework \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t11.5.10.2, 12.0.6 \t \r\nCVE-2009-1983 \tOracle iStore \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t11.5.10.2, 12.0.6, 12.1 \t \r\nCVE-2009-1986 \tOracle Applications Manager \tHTTP \tNone \tYes \t2.6 \tNetwork \tHigh \tNone \tPartial \tNone \tNone \t11.5.10.2 \t \r\n \r\n\r\n\r\n\r\nAppendix - Oracle Enterprise Manager\r\n\r\nOracle Enterprise Manager Executive Summary\r\n\r\nThis Critical Patch Update contains 2 new security fixes for Oracle Enterprise Manager. 
Neither of these vulnerabilities may be remotely exploitable without authentication, i.e., neither may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager installed.\r\nOracle Enterprise Manager 10g Grid Control includes Oracle Database and Oracle Application Server components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Application Server sections. The exposure of a particular installation of Oracle Enterprise Manager depends on the Oracle Database and Oracle Application Server versions being used. Oracle recommends that customers apply the July 2009 Critical Patch Update to the embedded Oracle Database and Oracle Application Server.\r\n\r\nReleases of Oracle Enterprise Manager before Oracle Enterprise Manager 10g Grid Control include Oracle Database components that are affected by the vulnerabilities listed in the Oracle Database section. The exposure of a particular installation of Oracle Enterprise Manager depends on the Oracle Database version being used. Oracle recommends that customers apply the July 2009 Critical Patch Update to the embedded Oracle Database.\r\n\r\nOracle Enterprise Manager Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1966 \tConfig Management \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t10.2.0.4 \tSee Note 1\r\nCVE-2009-1967 \tConfig Management \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t10.2.0.4 \tSee Note 1\r\n \r\n\r\nNotes:\r\n\r\n 1. 
The vulnerability associated with this Vuln# is fixed in the EMGC patch released in CPUApr2009. For details please refer to Critical Patch Update July 2009 Patch Availability Document for Oracle Products, My Oracle Support Note 835649.1\r\n\r\n\r\n\r\nAppendix - Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne\r\n\r\nOracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Executive Summary\r\n\r\nThis Critical Patch Update contains 3 new security fixes for the Oracle PeopleSoft and JDEdwards Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\n\r\nOracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1989 \tPeopleSoft Enterprise FMS \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t8.8 SP1, 8.9 Bundle 33, 9.0 Bundle 24 \t \r\nCVE-2009-1987 \tPeopleSoft Enterprise PeopleTools - Enterprise Portal \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tPartial \tNone \t8.49.21 \t \r\nCVE-2009-1988 \tPeopleSoft Enterprise HRMS eProfile Manager \tHTTP \tValid Session \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial \tNone \tNone \t8.8 SP1, 8.9 Bundle 19, 9.0 Bundle 9 \t \r\n \r\n\r\n\r\n\r\nAppendix - Oracle Siebel Enterprise\r\n\r\nOracle Siebel Enterprise Executive Summary\r\n\r\nThis Critical Patch Update contains 1 new security fix for the Oracle Siebel Suite. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password. 
\r\n\r\n\r\nSiebel Product Suite Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1981 \tHighly Interactive Client \tHTTP \tNone \tNo \t3.0 \tLocal \tMedium \tSingle \tPartial \tPartial \tNone \t7.5.3, 7.7.2, 7.8.2, 8.0.0.5, 8.1.0 \t \r\n \r\n\r\n\r\n\r\nAppendix - BEA Product Suite\r\n\r\nBEA Products Executive Summary\r\n\r\nThis Critical Patch Update contains 5 new security fixes for the Oracle BEA Products Suite. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. \r\n\r\nPlease note that the information about advisory patches for BEA is available at My Oracle Support Note 835649.1 in the Oracle standard format. Patch information will no longer be provided in the old BEA format.\r\n\r\nPatches for BEA products are not cumulative (unless otherwise stated), so BEA customers should refer to Previous Security Advisories to identify previous security fixes they want to apply.\r\n\r\n\r\nBEA Product Suite Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? 
\tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2009-1094 \tJRockit \tSee Note 1 \tNone \tYes \t10.0 \tNetwork \tLow \tNone \tComplete \tComplete \tComplete \tR27.6.3: SDK/JRE 1.4.2, JRE/JDK 5, JRE/JDK 6 \tSee Note 1\r\nCVE-2009-1523 \tOracle Complex Event Processing \tHTTP \tJetty Server Package \tYes \t7.1 \tNetwork \tMedium \tNone \tComplete \tNone \tNone \tCEP 10.3, EVS 2.0 \tSee Note 2\r\nCVE-2009-1974 \tWebLogic Server \tHTTP \tServlet Container Package \tYes \t6.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tPartial \t10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7 \t \r\nCVE-2009-1975 \tWebLogic Server \tHTTP \tWLS Console Package \tYes \t6.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tPartial \t10.3 \t \r\nCVE-2009-0217 \tWebLogic Server \tHTTP \tWeb Services Package \tYes \t6.4 \tNetwork \tLow \tNone \tPartial \tPartial \tNone \t10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6 \t \r\n \r\n\r\nNotes:\r\n\r\n 1. Sun Microsystems released a Security Alert in March 2009 to address multiple vulnerabilities affecting the Sun Java Runtime Environment. Oracle CVE-2009-1094 refers to all the advisories that were applicable to JRockit from the Sun Alert. The CVSS score of this Vuln# shows the highest score of all the advisories fixed in JRockit. The score is calculated by the National Vulnerability Database (NVD), not Oracle. The complete list of all advisories addressed in JRockit is as follows: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101\r\n 2. When Jetty is used for Complex Event Processing (CEP) or Event Service (EVS) it is not subject to this vulnerability. However, applications deployed to Jetty directly are vulnerable to CVE-2009-1523. Usage of the OSGi HTTP Service (i.e. 
registerServlet) is not subject to the vulnerability. See CVE-2009-1523 for additional details.\r\n\r\n\r\n\r\nAppendix- Product Dependencies\r\n\r\nOracle Product Dependency for CPU patching\r\nThis section highlights Oracle products that have dependencies on security vulnerability fixes announced in this Critical Patch Update. Oracle recommends that the customers apply Critical Patch Updates to all dependent products.\r\n\r\nOracle Beehive\r\nThis Critical Patch Update contains no new security fixes for the Oracle Beehive. Oracle Beehive contains the Oracle Database and Oracle Application Server components that are affected by vulnerabilities listed in the Oracle Database and Oracle Application Server sections. Hence Oracle recommends that customers apply the July 2009 Critical Patch Update to the Oracle Database and Oracle Application Server components of Oracle Beehive Collaboration Software.\r\n\r\nOracle Collaboration Suite\r\nThis Critical Patch Update contains no new security fixes for Oracle Collaboration Suite. Oracle Collaboration Suite contains the Oracle Database and Oracle Application Server components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Application Server sections. Hence Oracle recommends that customers apply the July 2009 Critical Patch Update to the Oracle Database and Oracle Application Server components of Oracle Collaboration Suite.\r\n\r\nSecure Enterprise Search\r\nOracle Secure Enterprise Search 10g includes Oracle Database 10g version 10.1.0.5, and since vulnerabilities affecting this Database version may affect Oracle Secure Enterprise Search, Oracle recommends that customers apply the July 2009 Critical Patch Update to the embedded Database. 
", "cvss3": {}, "published": "2009-07-16T00:00:00", "type": "securityvulns", "title": "Oracle Critical Patch Update Advisory - July 2009", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1984", "CVE-2009-1099", "CVE-2009-0217", "CVE-2009-1989", "CVE-2009-1097", "CVE-2009-1966", "CVE-2009-1969", "CVE-2009-1021", "CVE-2009-1978", "CVE-2009-1982", "CVE-2009-1523", "CVE-2009-1963", "CVE-2009-1970", "CVE-2009-1100", "CVE-2009-1974", "CVE-2009-1977", "CVE-2009-1981", "CVE-2009-1980", "CVE-2009-1098", "CVE-2009-1020", "CVE-2009-1968", "CVE-2009-1019", "CVE-2009-1094", "CVE-2009-1973", "CVE-2009-1975", "CVE-2009-1967", "CVE-2009-1101", "CVE-2009-0987", "CVE-2009-1987", "CVE-2009-1983", "CVE-2009-1015", "CVE-2009-1988", "CVE-2009-1986", "CVE-2009-1976"], "modified": "2009-07-16T00:00:00", "id": "SECURITYVULNS:DOC:22178", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22178", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:00:43", "description": "Approximately 30 vulnerabilities in different applications are fixed.", "cvss3": {}, "published": "2010-02-16T00:00:00", "type": "securityvulns", "title": "Oracle quarterly security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2009-1984", "CVE-2009-0217", "CVE-2009-1989", "CVE-2009-1966", "CVE-2009-1969", "CVE-2009-1021", "CVE-2009-1978", "CVE-2009-1982", "CVE-2009-1523", "CVE-2009-1963", "CVE-2009-1970", "CVE-2009-1974", "CVE-2009-1977", "CVE-2009-1981", "CVE-2009-1980", "CVE-2009-1020", "CVE-2009-1968", "CVE-2009-1019", "CVE-2009-1094", "CVE-2009-1973", "CVE-2009-1975", "CVE-2009-1967", "CVE-2009-0987", "CVE-2009-1987", "CVE-2009-1983", "CVE-2009-1015", "CVE-2009-1988", "CVE-2009-1976"], "modified": "2010-02-16T00:00:00", "id": "SECURITYVULNS:VULN:10077", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:10077", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-04T11:27:43", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory USN-748-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Ubuntu USN-748-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63748", "href": "http://plugins.openvas.org/nasl.php?oid=63748", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_748_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_748_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-748-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.10:\n icedtea6-plugin 6b12-0ubuntu6.4\n openjdk-6-jdk 6b12-0ubuntu6.4\n openjdk-6-jre 6b12-0ubuntu6.4\n openjdk-6-jre-headless 6b12-0ubuntu6.4\n openjdk-6-jre-lib 6b12-0ubuntu6.4\n\nAfter a standard system upgrade you need to restart any Java applications\nto effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-748-1\";\n\ntag_insight = \"It was discovered that font creation could leak temporary files.\nIf a user were tricked into loading a malicious program or applet,\na remote attacker could consume disk space, leading to a denial of\nservice. (CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly close\nfiles on dataless connections. A remote attacker could send specially\ncrafted requests, leading to a denial of service. (CVE-2009-1101)\n\nCertain 64bit Java actions would crash an application. A local attacker\nmight be able to cause a denial of service. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly.\nA remote attacker could send specially crafted requests, leading to a\ndenial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A remote\nattacker could send specially crafted requests that could lead to\narbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or\nautomated system were tricked into processing a malicious JAR file,\na remote attacker could crash the application, leading to a denial of\nservice. 
(CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to memory\ncorruption. If a user or automated system were tricked into processing\na specially crafted image, a remote attacker could crash the application,\nleading to a denial of service. (CVE-2009-1097, CVE-2009-1098)\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory USN-748-1.\";\n\n \n\n\nif(description)\n{\n script_id(63748);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-748-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-748-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:37", "description": "The remote host is missing an update to icu\nannounced via advisory USN-747-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Ubuntu USN-747-1 (icu)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1096", "CVE-2009-1097", "CVE-2008-4316", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63747", "href": "http://plugins.openvas.org/nasl.php?oid=63747", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_747_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_747_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-747-1 (icu)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libicu34 3.4.1a-1ubuntu1.6.06.2\n\nUbuntu 7.10:\n libicu36 3.6-3ubuntu0.2\n\nUbuntu 8.04 LTS:\n libicu38 3.8-6ubuntu0.1\n\nUbuntu 8.10:\n libicu38 3.8.1-2ubuntu0.1\n\nAfter a standard system upgrade you need to restart applications linked\nagainst libicu, such as OpenOffice.org, to effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-747-1\";\n\ntag_insight = \"It was discovered that libicu did not correctly handle certain invalid\nencoded data. If a user or automated system were tricked into processing\nspecially crafted data with applications linked against libicu, certain\ncontent filters could be bypassed.\";\ntag_summary = \"The remote host is missing an update to icu\nannounced via advisory USN-747-1.\";\n\n \n\n\nif(description)\n{\n script_id(63747);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-747-1 (icu)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: 
\"http://www.ubuntu.com/usn/usn-747-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", 
ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", 
ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:03", "description": "The remote host is missing an update to xine-lib\nannounced via advisory USN-746-1.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Ubuntu USN-746-1 (xine-lib)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1096", "CVE-2008-5239", "CVE-2009-1097", "CVE-2008-4316", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-0698", "CVE-2009-1094", "CVE-2006-2426", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63746", "href": "http://plugins.openvas.org/nasl.php?oid=63746", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_746_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_746_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-746-1 (xine-lib)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libxine-main1 1.1.1+ubuntu2-7.11\n\nUbuntu 7.10:\n libxine1 1.1.7-1ubuntu1.5\n\nUbuntu 8.04 LTS:\n libxine1 1.1.11.1-1ubuntu3.3\n\nUbuntu 8.10:\n libxine1 1.1.15-0ubuntu3.2\n\nAfter a standard system upgrade you need to restart applications linked\nagainst xine-lib, such as Totem-xine and Amarok, to effect the necessary\nchanges.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-746-1\";\n\ntag_insight = \"It was discovered that the 4xm demuxer in xine-lib did not correctly handle\na large current_track value in a 4xm file, resulting in an integer\noverflow. If a user or automated system were tricked into opening a\nspecially crafted 4xm movie file, an attacker could crash xine-lib or\npossibly execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2009-0698)\n\nUSN-710-1 provided updated xine-lib packages to fix multiple security\nvulnerabilities. 
The security patch to fix CVE-2008-5239 introduced a\nregression causing some media files to be unplayable. This update corrects\nthe problem. We apologize for the inconvenience.\n\nOriginal advisory details:\n It was discovered that the input handlers in xine-lib did not correctly\n handle certain error codes, resulting in out-of-bounds reads and heap-\n based buffer overflows. If a user or automated system were tricked into\n opening a specially crafted file, stream, or URL, an attacker could\n execute arbitrary code as the user invoking the program. (CVE-2008-5239)\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory USN-746-1.\";\n\n \n\n\nif(description)\n{\n script_id(63746);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-0698\", \"CVE-2008-5239\", \"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-746-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-746-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:12", "description": "Oracle Linux Local Security Checks ELSA-2009-0377", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122496", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122496", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0377.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# 
but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122496\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:41 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0377\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0377 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0377\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0377.html\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2006-2426\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:47", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63758", "href": "http://plugins.openvas.org/nasl.php?oid=63758", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0377.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0377 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. 
The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63758);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0377\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0377.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63824", "href": "http://plugins.openvas.org/nasl.php?oid=63824", "sourceData": "#CESA-2009:0377 63824 2\n# $Id: ovcesa2009_0377.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0377 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0377\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0377\nhttps://rhn.redhat.com/errata/RHSA-2009-0377.html\";\ntag_summary = \"The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.\";\n\n\n\nif(description)\n{\n script_id(63824);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:39", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. 
The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063758", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063758", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0377.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0377 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0377.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63758\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0377\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0377.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063824", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063824", "sourceData": "#CESA-2009:0377 63824 2\n# $Id: ovcesa2009_0377.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0377 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright 
(c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0377\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0377\nhttps://rhn.redhat.com/errata/RHSA-2009-0377.html\";\ntag_summary = \"The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:0377.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63824\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:33", "description": "Check for the Version of java", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS 
Update for java CESA-2009:0377 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880673", "href": "http://plugins.openvas.org/nasl.php?oid=880673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2009:0377 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\n contains the software and tools that users need to run applications written\n using the Java programming language.\n\n A flaw was found in the way that the Java Virtual Machine (JVM) handled\n temporary font files. 
A malicious applet could use this flaw to use large\n amounts of disk space, causing a denial of service. (CVE-2006-2426)\n \n A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\n application using color profiles could use excessive amounts of memory, and\n possibly crash after using all available memory, if used to open\n specially-crafted images. (CVE-2009-0581)\n \n Multiple integer overflow flaws which could lead to heap-based buffer\n overflows, as well as multiple insufficient input validation flaws, were\n found in the way LittleCMS handled color profiles. An attacker could use\n these flaws to create a specially-crafted image file which could cause a\n Java application to crash or, possibly, execute arbitrary code when opened.\n (CVE-2009-0723, CVE-2009-0733)\n \n A null pointer dereference flaw was found in LittleCMS. An application\n using color profiles could crash while converting a specially-crafted image\n file. (CVE-2009-0793)\n \n A flaw in the Java API for XML Web Services (JAX-WS) service endpoint\n handling could allow a remote attacker to cause a denial of service on the\n server application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n \n A flaw in the way the Java Runtime Environment initialized LDAP connections\n could allow a remote, authenticated user to cause a denial of service on\n the LDAP service. (CVE-2009-1093)\n \n A flaw in the Java Runtime Environment LDAP client could allow malicious\n data from an LDAP server to cause arbitrary code to be loaded and then run\n on an LDAP client. (CVE-2009-1094)\n \n Several buffer overflow flaws were found in the Java Runtime Environment\n unpack200 functionality. 
An untrusted applet could extend its privileges,\n allowing it to read and write local files, as well as to execute local\n applications with the privileges of the user running the applet.\n (CVE-2009-1095, CVE-2009-1096)\n \n A flaw in the Java Runtime Environment Virtual Machine code generation\n functionality could allow untrusted applets to extend their privileges. An\n untrusted applet could extend its privileges, allowing it to read and write\n local files, as well as execute local applications with the privileges\n of the user running the applet. (CVE-2009-1102)\n \n A buffer overf ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015734.html\");\n script_id(880673);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0377\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\",\n \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\",\n \"CVE-2009-1102\");\n script_name(\"CentOS Update for java CESA-2009:0377 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2009:0377 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", 
"CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2009:0377 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015734.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880673\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0377\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\",\n \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\",\n \"CVE-2009-1102\");\n script_name(\"CentOS Update for java CESA-2009:0377 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit. 
The Java Runtime Environment (JRE)\n contains the software and tools that users need to run applications written\n using the Java programming language.\n\n A flaw was found in the way that the Java Virtual Machine (JVM) handled\n temporary font files. A malicious applet could use this flaw to use large\n amounts of disk space, causing a denial of service. (CVE-2006-2426)\n\n A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\n application using color profiles could use excessive amounts of memory, and\n possibly crash after using all available memory, if used to open\n specially-crafted images. (CVE-2009-0581)\n\n Multiple integer overflow flaws which could lead to heap-based buffer\n overflows, as well as multiple insufficient input validation flaws, were\n found in the way LittleCMS handled color profiles. An attacker could use\n these flaws to create a specially-crafted image file which could cause a\n Java application to crash or, possibly, execute arbitrary code when opened.\n (CVE-2009-0723, CVE-2009-0733)\n\n A null pointer dereference flaw was found in LittleCMS. An application\n using color profiles could crash while converting a specially-crafted image\n file. (CVE-2009-0793)\n\n A flaw in the Java API for XML Web Services (JAX-WS) service endpoint\n handling could allow a remote attacker to cause a denial of service on the\n server application hosting the JAX-WS service endpoint. (CVE-2009-1101)\n\n A flaw in the way the Java Runtime Environment initialized LDAP connections\n could allow a remote, authenticated user to cause a denial of service on\n the LDAP service. (CVE-2009-1093)\n\n A flaw in the Java Runtime Environment LDAP client could allow malicious\n data from an LDAP server to cause arbitrary code to be loaded and then run\n on an LDAP client. (CVE-2009-1094)\n\n Several buffer overflow flaws were found in the Java Runtime Environment\n unpack200 functionality. 
An untrusted applet could extend its privileges,\n allowing it to read and write local files, as well as to execute local\n applications with the privileges of the user running the applet.\n (CVE-2009-1095, CVE-2009-1096)\n\n A flaw in the Java Runtime Environment Virtual Machine code generation\n functionality could allow untrusted applets to extend their privileges. An\n untrusted applet could extend its privileges, allowing it to read and write\n local files, as well as execute local applications with the privileges\n of the user running the applet. (CVE-2009-1102)\n\n A buffer overf ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.30.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:50", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1769-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063797", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063797", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1769_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1769-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.\n\nCreation of large, temporary fonts could use up available disk space,\nleading to a denial of service condition (CVE-2006-2426).\n\nSeveral vulnerabilities existed in the embedded LittleCMS library,\nexploitable through crafted images: a memory leak, resulting in a\ndenial of service condition (CVE-2009-0581), heap-based buffer\noverflows, potentially allowing arbitrary code execution\n(CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference,\nleading to denial of service (CVE-2009-0793).\n\nThe LDAP server implementation (in com.sun.jdni.ldap) did not properly\nclose sockets if an error was encountered, leading to a\ndenial-of-service condition (CVE-2009-1093).\n\nThe LDAP client implementation (in com.sun.jdni.ldap) allowed\nmalicious LDAP servers to execute arbitrary code on the client\n(CVE-2009-1094).\n\nThe HTTP server implementation (sun.net.httpserver) contained an\nunspecified denial of service vulnerability (CVE-2009-1101).\n\nSeveral issues in Java Web Start have been addressed (CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098). 
The Debian packages\ncurrently do not support Java Web Start, so these issues are not\ndirectly exploitable, but the relevant code has been updated\nnevertheless.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201769-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63797\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1769-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:17", "description": "The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": 
"openvas", "title": "Debian Security Advisory DSA 1769-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-0581"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63797", "href": "http://plugins.openvas.org/nasl.php?oid=63797", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1769_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1769-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.\n\nCreation of large, temporary fonts could use up available disk space,\nleading to a denial of service condition (CVE-2006-2426).\n\nSeveral vulnerabilities existed in the embedded LittleCMS library,\nexploitable through crafted images: a memory leak, resulting in a\ndenial of service condition (CVE-2009-0581), heap-based buffer\noverflows, potentially allowing arbitrary code execution\n(CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference,\nleading to denial of service (CVE-2009-0793).\n\nThe LDAP server implementation (in com.sun.jdni.ldap) did not properly\nclose sockets if an error was encountered, leading to a\ndenial-of-service condition (CVE-2009-1093).\n\nThe LDAP client implementation (in com.sun.jdni.ldap) allowed\nmalicious LDAP servers to execute arbitrary code on the client\n(CVE-2009-1094).\n\nThe HTTP server implementation (sun.net.httpserver) contained an\nunspecified denial of service vulnerability (CVE-2009-1101).\n\nSeveral issues in Java Web Start have been addressed (CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098). 
The Debian packages\ncurrently do not support Java Web Start, so these issues are not\ndirectly exploitable, but the relevant code has been updated\nnevertheless.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.\n\nWe recommend that you upgrade your openjdk-6 packages.\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory DSA 1769-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201769-1\";\n\n\nif(description)\n{\n script_id(63797);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1769-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b11-9.1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:37", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.", "cvss3": {}, "published": 
"2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064495", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064495", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_162.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:162 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK:\n\nA memory leak flaw allows remote attackers to cause a denial of service\n(memory consumption and application crash) via a crafted image file\n(CVE-2009-0581).\n\nMultiple integer overflows allow remote attackers to execute arbitrary\ncode via a crafted image file that triggers a heap-based buffer\noverflow (CVE-2009-0723).\n\nMultiple stack-based buffer overflows allow remote attackers to\nexecute arbitrary code via a crafted image file associated with a large\ninteger value for the (1) input or (2) output channel (CVE-2009-0733).\n\nA flaw in the transformations of monochrome profiles allows remote\nattackers to cause denial of service triggered by a NULL pointer\ndereference via a crafted image file (CVE-2009-0793).\n\nFurther security fixes in the JRE and in the Java API of OpenJDK:\n\nA flaw in handling temporary font files by the Java Virtual\nMachine (JVM) allows remote attackers to cause denial of service\n(CVE-2006-2426).\n\nAn integer overflow flaw was found in Pulse-Java when handling Pulse\naudio source data lines. 
An attacker could use this flaw to cause an\napplet to crash, leading to a denial of service (CVE-2009-0794).\n\nA flaw in Java Runtime Environment initialized LDAP connections\nallows authenticated remote users to cause denial of service on the\nLDAP service (CVE-2009-1093).\n\nA flaw in the Java Runtime Environment LDAP client in handling server\nLDAP responses allows remote attackers to execute arbitrary code on\nthe client side via malicious server response (CVE-2009-1094).\n\nBuffer overflows in the the Java Runtime Environment unpack200 utility\nallow remote attackers to execute arbitrary code via an crafted applet\n(CVE-2009-1095, CVE-2009-1096).\n\nA buffer overflow in the splash screen processing allows a attackers\nto execute arbitrary code (CVE-2009-1097).\n\nA buffer overflow in GIF images handling allows remote attackers to\nexecute arbitrary code via an crafted GIF image (CVE-2009-1098).\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling allows remote attackers to cause a denial of service on the\nservice endpoint's server side (CVE-2009-1101).\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nallows remote attackers to execute arbitrary code via a crafted applet\n(CVE-2009-1102).\n\nThis update provides fixes for these issues.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:162\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64495\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:33", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64495", "href": "http://plugins.openvas.org/nasl.php?oid=64495", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_162.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:162 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK:\n\nA memory leak flaw allows remote attackers to cause a denial of service\n(memory consumption and application crash) via a crafted image file\n(CVE-2009-0581).\n\nMultiple integer overflows allow remote attackers to execute arbitrary\ncode via a crafted image file that triggers a heap-based buffer\noverflow (CVE-2009-0723).\n\nMultiple stack-based buffer overflows allow remote attackers to\nexecute arbitrary code via a crafted image file associated with a large\ninteger value for the (1) input or (2) output channel (CVE-2009-0733).\n\nA flaw in the transformations of monochrome profiles allows remote\nattackers to cause denial of service triggered by a NULL pointer\ndereference via a crafted image file (CVE-2009-0793).\n\nFurther security fixes in the JRE and in the Java API of OpenJDK:\n\nA flaw in handling temporary font files by the Java Virtual\nMachine (JVM) allows remote attackers to cause denial of service\n(CVE-2006-2426).\n\nAn integer overflow flaw was found in Pulse-Java when handling Pulse\naudio source data lines. 
An attacker could use this flaw to cause an\napplet to crash, leading to a denial of service (CVE-2009-0794).\n\nA flaw in Java Runtime Environment initialized LDAP connections\nallows authenticated remote users to cause denial of service on the\nLDAP service (CVE-2009-1093).\n\nA flaw in the Java Runtime Environment LDAP client in handling server\nLDAP responses allows remote attackers to execute arbitrary code on\nthe client side via malicious server response (CVE-2009-1094).\n\nBuffer overflows in the the Java Runtime Environment unpack200 utility\nallow remote attackers to execute arbitrary code via an crafted applet\n(CVE-2009-1095, CVE-2009-1096).\n\nA buffer overflow in the splash screen processing allows a attackers\nto execute arbitrary code (CVE-2009-1097).\n\nA buffer overflow in GIF images handling allows remote attackers to\nexecute arbitrary code via an crafted GIF image (CVE-2009-1098).\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling allows remote attackers to cause a denial of service on the\nservice endpoint's server side (CVE-2009-1101).\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nallows remote attackers to execute arbitrary code via a crafted applet\n(CVE-2009-1102).\n\nThis update provides fixes for these issues.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:162\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:162.\";\n\n \n\nif(description)\n{\n script_id(64495);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:38", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64221", "href": "http://plugins.openvas.org/nasl.php?oid=64221", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_137.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:137 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK. For details, please visit\nthe referenced advisories.\n\nThis update provides fixes for these issues.\n\nUpdate:\n\njava-1.6.0-openjdk requires rhino packages and these has been further\nupdated.\n\nAffected: 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:137\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.\";\n\n \n\nif(description)\n{\n script_id(64221);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.1mdv2009.0\", 
rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2018-04-06T11:38:51", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-0794", "CVE-2009-0723", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0793", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0581"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064221", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064221", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_137.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:137 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK. For details, please visit\nthe referenced advisories.\n\nThis update provides fixes for these issues.\n\nUpdate:\n\njava-1.6.0-openjdk requires rhino packages and these has been further\nupdated.\n\nAffected: 2009.0, 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:137\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:137.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64221\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2006-2426\", \"CVE-2009-0794\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.2.1mdv2009.0\", 
rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino\", rpm:\"rhino~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-demo\", rpm:\"rhino-demo~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-javadoc\", rpm:\"rhino-javadoc~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"rhino-manual\", rpm:\"rhino-manual~1.7~0.0.3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2017-07-27T10:56:38", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0392", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63644", "href": "http://plugins.openvas.org/nasl.php?oid=63644", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0392.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0392 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63644);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0392\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0392.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:03", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe 
Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0392", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063644", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063644", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0392.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0392 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0392.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105,\nCVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63644\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0392\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0392.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.13~1jpp.1.el5\", 
rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.13~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:20", "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310800384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# 
it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800384\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34489\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone 
Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\");\n script_tag(name:\"affected\", value:\"Sun Java JRE 6 Update 12 and prior.\n\n Sun Java JRE 5.0 Update 17 and prior.\n\n Sun Java JRE 1.4.2_19 and prior.\n\n Sun Java JRE 1.3.1_24 and prior.\");\n script_tag(name:\"insight\", value:\"For more information about vulnerabilities on Sun Java go through reference.\");\n script_tag(name:\"solution\", value:\"Upgrade to JRE version 6 Update 13\n\n Upgrade to JRE version 5 Update 18\n\n Upgrade to JRE version 1.4.2_20\n\n Upgrade to JRE version 1.3.1_25.\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(!jreVer)\n exit(0);\n\nif(jreVer)\n{\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:49", "description": "The remote host is missing updates announced 
in\nadvisory SUSE-SA:2009:016.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063735", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_016.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun JDK 5 was updated to Update18 and the Sun JDK 6 was updated\nto Update 13 to fix various bugs and security issues.\n\nFor details addressed in these updates, please visit the referenced\nsecurity advisories.\n\nNo Sun Java 1.4.2 updates are available at this time since it has\nentered EOL phase.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:016\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63735\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", 
rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u12~1.4\", 
rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:51", "description": "Check for the Version of Java", "cvss3": {}, "published": "2009-06-01T00:00:00", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02429\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.16 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.22 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. 
These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, execution of arbitrary code, and Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01745133-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835197\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-01 16:39:46 +0200 (Mon, 01 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02429\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_name( \"HP-UX Update for Java HPSBUX02429\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-13T13:01:02", "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800384", "href": "http://plugins.openvas.org/nasl.php?oid=800384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_dos_vuln_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\n Impact Level: System\";\ntag_affected = \"Sun Java JRE 6 Update 12 and prior.\n Sun Java JRE 5.0 Update 17 and prior.\n Sun Java JRE 1.4.2_19 and prior.\n Sun Java JRE 1.3.1_24 and prior.\";\ntag_insight = \"For more information about vulnerabilities on Sun Java go through reference.\";\ntag_solution = \"Upgrade to JRE version 6 Update 13\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JRE version 5 Update 18\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to JRE version 1.4.2_20\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to JRE version 1.3.1_25\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(800384);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", 
\"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34489\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_require_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(!jreVer){\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.3 < 1.3.1_25, 1.4 < 1.4.2_20, 1.5 < 1.5.0_18 (5 Update 18),\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2017-11-13T13:01:12", "description": "This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JRE Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800386", "href": "http://plugins.openvas.org/nasl.php?oid=800386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_dos_vuln_lin.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JRE Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\n Impact Level: System\";\ntag_affected = \"Sun Java JRE 6 Update 12 and prior.\n Sun Java JRE 5.0 Update 17 and prior.\n Sun Java JRE 1.4.2_19 and prior.\n Sun Java JRE 1.3.1_24 and prior.\";\ntag_insight = \"For more information about vulnerabilities on Sun Java go through reference.\";\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 13\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JDK/JRE version 5 Update 18\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to SDK/JRE version 1.4.2_20\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to SDK/JRE version 1.3.1_25\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(800386);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", 
\"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JRE Multiple Vulnerabilities (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34489\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_require_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer){\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.3 < 1.3.1_25, 1.4 < 1.4.2_20, 1.5 < 1.5.0_18 (5 Update 18),\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:23", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63735", "href": "http://plugins.openvas.org/nasl.php?oid=63735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_016.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun JDK 5 was updated to Update18 and the Sun JDK 6 was updated\nto Update 13 to fix various bugs and security issues.\n\nFor details addressed in these updates, please visit the referenced\nsecurity advisories.\n\nNo Sun Java 1.4.2 updates are available at this time since it has\nentered EOL phase.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:016\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:016.\";\n\n \n\nif(description)\n{\n script_id(63735);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", 
rpm:\"java-1_6_0-sun-devel~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u13~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update18~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u12~1.4\", 
rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u12~1.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:24", "description": "This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "openvas", "title": "Sun Java JRE Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310800386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JRE Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 
2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800386\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\",\n \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\",\n \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_name(\"Sun Java JRE Multiple Vulnerabilities (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34489\");\n script_xref(name:\"URL\", value:\"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1\");\n script_xref(name:\"URL\", 
value:\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to cause XSS, arbitrary code\n execution, various buffer overflows, bypass security restrictions and can\n cause denial of service attacks inside the context of the affected system.\");\n script_tag(name:\"affected\", value:\"Sun Java JRE 6 Update 12 and prior.\n Sun Java JRE 5.0 Update 17 and prior.\n Sun Java JRE 1.4.2_19 and prior.\n Sun Java JRE 1.3.1_24 and prior.\");\n script_tag(name:\"insight\", value:\"For more information about vulnerabilities on Sun Java go through reference.\");\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 13\n\n Upgrade to JDK/JRE version 5 Update 18\n\n Upgrade to SDK/JRE version 1.4.2_20\n\n Upgrade to SDK/JRE version 1.3.1_25.\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JRE and is prone to\n Multiple Vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer)\n exit(0);\n\nif(jreVer)\n{\n # and 1.6 < 1.6.0_13 (6 Update 13)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.24\") ||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.19\") ||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.17\") ||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.12\")) {\n security_message( port: 0, data: \"The target host was found to be 
vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:57:15", "description": "Check for the Version of Java", "cvss3": {}, "published": "2009-06-01T00:00:00", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1102", "CVE-2009-1105"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835197", "href": "http://plugins.openvas.org/nasl.php?oid=835197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02429\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.16 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.22 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, execution of arbitrary code, and Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01745133-1\");\n script_id(835197);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-01 16:39:46 +0200 (Mon, 01 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02429\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n 
script_name( \"HP-UX Update for Java HPSBUX02429\");\n\n script_summary(\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", 
revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.22.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.16.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.04.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.04.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:07", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. 
All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0394", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63645", "href": "http://plugins.openvas.org/nasl.php?oid=63645", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0394.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0394 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63645);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0394\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", 
rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:35", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime 
Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-03-31T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0394", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063645", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063645", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0394.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0394 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0394.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63645\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0394\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0394.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", 
rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.18~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065682", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065682", "sourceData": "#\n#VID 706f811c965148739c35d07d3653b91c\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=516361\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=494536\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65682\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:14", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. 
(CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1038", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063980", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063980", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1038.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1038 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63980\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1038\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1038.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", 
rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:28", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1198", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064592", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064592", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1198.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1198 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64592\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1198\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1198.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", 
rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:59", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65682", "href": "http://plugins.openvas.org/nasl.php?oid=65682", "sourceData": "#\n#VID 706f811c965148739c35d07d3653b91c\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=516361\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=494536\");\n script_id(65682);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", 
\"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0~124.7.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:20", "description": "The remote host is missing updates announced in\nadvisory 
RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1038", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63980", "href": "http://plugins.openvas.org/nasl.php?oid=63980", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1038.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1038 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1038.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63980);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1038\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1038.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", 
rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.5.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", 
rpm:\"java-1.5.0-ibm-src~1.5.0.9~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1198", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1097", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2009-1103", "CVE-2009-1101", "CVE-2009-1107", "CVE-2009-1105"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64592", "href": "http://plugins.openvas.org/nasl.php?oid=64592", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1198.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1198 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1198.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,\nCVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64592);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1198\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1198.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", 
rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", 
rpm:\"java-1.6.0-ibm-src~1.6.0.5~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:10", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065307", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065307", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5050060.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java 5 JRE and IBM Java 5 SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65307\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.64\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:29", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065873", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065873", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-6253\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65873\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:17", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65873", "href": "http://plugins.openvas.org/nasl.php?oid=65873", "sourceData": "#\n#VID slesp2-java-1_5_0-ibm-6253\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65873);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for IBM Java 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm\", rpm:\"java-1_5_0-ibm~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-alsa\", rpm:\"java-1_5_0-ibm-alsa~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-devel\", rpm:\"java-1_5_0-ibm-devel~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-fonts\", rpm:\"java-1_5_0-ibm-fonts~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-jdbc\", rpm:\"java-1_5_0-ibm-jdbc~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-ibm-plugin\", rpm:\"java-1_5_0-ibm-plugin~1.5.0_sr9~2.8\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1103", "CVE-2009-1107"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65307", "href": "http://plugins.openvas.org/nasl.php?oid=65307", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5050060.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java 5 JRE and IBM Java 5 SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5050060 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65307);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1107\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava5-JRE\", rpm:\"IBMJava5-JRE~1.5.0~0.64\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:52", "description": "The remote host is missing an update to lcms\nannounced via advisory USN-744-1.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Ubuntu USN-744-1 (lcms)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2008-5239", "CVE-2009-0921", "CVE-2009-1097", "CVE-2009-0928", "CVE-2009-0207", "CVE-2009-0626", "CVE-2009-0723", "CVE-2008-4316", "CVE-2009-0637", "CVE-2009-0629", "CVE-2009-0628", "CVE-2009-0784", "CVE-2009-1100", "CVE-2009-0635", "CVE-2009-0927", "CVE-2009-1098", "CVE-2009-0698", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0193", "CVE-2009-0920", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0633", "CVE-2009-0581", "CVE-2009-0634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64170", "href": "http://plugins.openvas.org/nasl.php?oid=64170", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_744_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_744_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# 
Description: Auto-generated from advisory USN-744-1 (lcms)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n liblcms1 1.13-1ubuntu0.2\n\nUbuntu 7.10:\n liblcms1 1.16-5ubuntu3.2\n python-liblcms 1.16-5ubuntu3.2\n\nUbuntu 8.04 LTS:\n liblcms1 1.16-7ubuntu1.2\n python-liblcms 1.16-7ubuntu1.2\n\nUbuntu 8.10:\n liblcms1 1.16-10ubuntu0.2\n python-liblcms 1.16-10ubuntu0.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-744-1\";\n\ntag_insight = \"Chris Evans discovered that LittleCMS did not properly handle certain error\nconditions, resulting in a large memory leak. If a user or automated system\nwere tricked into processing an image with malicious ICC tags, a remote\nattacker could cause a denial of service. 
(CVE-2009-0581)\n\nChris Evans discovered that LittleCMS contained multiple integer overflows.\nIf a user or automated system were tricked into processing an image with\nmalicious ICC tags, a remote attacker could crash applications linked\nagainst liblcms1, leading to a denial of service, or possibly execute\narbitrary code with user privileges. (CVE-2009-0723)\n\nChris Evans discovered that LittleCMS did not properly perform bounds\nchecking, leading to a buffer overflow. If a user or automated system were\ntricked into processing an image with malicious ICC tags, a remote attacker\ncould execute arbitrary code with user privileges. (CVE-2009-0733)\";\ntag_summary = \"The remote host is missing an update to lcms\nannounced via advisory USN-744-1.\";\n\n \n\n\nif(description)\n{\n script_id(64170);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-0927\", \"CVE-2009-0207\", \"CVE-2009-0928\", \"CVE-2009-0193\", \"CVE-2009-0629\", \"CVE-2009-0626\", \"CVE-2009-0628\", \"CVE-2009-0635\", \"CVE-2009-0633\", \"CVE-2009-0634\", \"CVE-2009-0637\", \"CVE-2009-0784\", \"CVE-2009-0698\", \"CVE-2008-5239\", \"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-744-1 (lcms)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-744-1/\");\n\n script_copyright(\"Copyright (c) 2009 
E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res 
= isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"systemtap\", ver:\"0.0.20080705-1+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:18", "description": "The remote host is missing an update to gs-gpl\nannounced via advisory USN-743-1.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Ubuntu USN-743-1 (gs-gpl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1095", "CVE-2009-1093", "CVE-2009-0733", "CVE-2009-1096", "CVE-2008-5239", "CVE-2009-0921", "CVE-2009-1097", "CVE-2009-0928", "CVE-2009-0207", "CVE-2009-0626", "CVE-2009-0723", "CVE-2008-4316", "CVE-2009-0637", "CVE-2009-0629", "CVE-2009-0584", "CVE-2009-0628", "CVE-2009-0784", "CVE-2009-1100", "CVE-2009-0583", "CVE-2009-0635", "CVE-2009-0927", "CVE-2009-1098", "CVE-2009-0698", "CVE-2009-1094", "CVE-2006-2426", "CVE-2009-0193", "CVE-2009-0920", "CVE-2008-1036", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-0633", "CVE-2009-0581", "CVE-2009-0634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64169", "href": "http://plugins.openvas.org/nasl.php?oid=64169", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_743_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_743_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-743-1 (gs-gpl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# 
Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n gs-gpl 8.15-4ubuntu3.2\n\nUbuntu 7.10:\n libgs8 8.61.dfsg.1~svn8187-0ubuntu3.5\n\nUbuntu 8.04 LTS:\n libgs8 8.61.dfsg.1-1ubuntu3.1\n\nUbuntu 8.10:\n libgs8 8.63.dfsg.1-0ubuntu6.3\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-743-1\";\n\ntag_insight = \"It was discovered that Ghostscript contained multiple integer overflows in\nits ICC color management library. If a user or automated system were\ntricked into opening a crafted Postscript file, an attacker could cause a\ndenial of service or execute arbitrary code with privileges of the user\ninvoking the program. (CVE-2009-0583)\n\nIt was discovered that Ghostscript did not properly perform bounds checking\nin its ICC color management library. 
If a user or automated system were\ntricked into opening a crafted Postscript file, an attacker could cause a\ndenial of service or execute arbitrary code with privileges of the user\ninvoking the program. (CVE-2009-0584)\";\ntag_summary = \"The remote host is missing an update to gs-gpl\nannounced via advisory USN-743-1.\";\n\n \n\n\nif(description)\n{\n script_id(64169);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-0583\", \"CVE-2009-0584\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0920\", \"CVE-2009-0921\", \"CVE-2009-0927\", \"CVE-2009-0207\", \"CVE-2009-0928\", \"CVE-2009-0193\", \"CVE-2009-0629\", \"CVE-2009-0626\", \"CVE-2009-0628\", \"CVE-2009-0635\", \"CVE-2009-0633\", \"CVE-2009-0634\", \"CVE-2009-0637\", \"CVE-2009-0784\", \"CVE-2009-0698\", \"CVE-2008-5239\", \"CVE-2008-1036\", \"CVE-2008-4316\", \"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-743-1 (gs-gpl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-743-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.15-4ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.15-4ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", 
ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1~svn8187-0ubuntu3.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1-1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1-1ubuntu3.1\", 
rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.63.dfsg.1-0ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.13-1ubuntu0.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", 
ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-5ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.16-7ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1-dev\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms1\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblcms-utils\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-liblcms\", ver:\"1.17.dfsg-1+lenny2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"systemtap\", ver:\"0.0.20080705-1+lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-main1\", ver:\"1.1.1+ubuntu2-7.11\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", 
ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.7-1ubuntu1.5\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.11.1-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-doc\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-all-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-bin\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-console\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-dbg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-ffmpeg\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-gnome\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-misc-plugins\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1-x\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.1.15-0ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.4.1a-1ubuntu1.6.06.2\", 
rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34-dev\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu34\", ver:\"3.4.1a-1ubuntu1.6.06.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36-dev\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu36\", ver:\"3.6-3ubuntu0.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8-6ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icu-doc\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lib32icu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu-dev\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38-dbg\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libicu38\", ver:\"3.8.1-2ubuntu0.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:20", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066345", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066345", "sourceData": "#\n#VID slesp2-java-1_4_2-ibm-6648\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66345\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-devel\", rpm:\"java-1_4_2-ibm-devel~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:48", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java2 and SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066344", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066344", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5063230.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBM Java2 and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66344\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for IBM Java2 and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2_sr13.2~0.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66348", "href": "http://plugins.openvas.org/nasl.php?oid=66348", "sourceData": "#\n#VID 078e3d197ce1488682c8fe5574f20e9b\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=551829\");\n script_id(66348);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:23", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES9: Security update for IBM Java2 and SDK", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66344", "href": "http://plugins.openvas.org/nasl.php?oid=66344", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5063230.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBM Java2 and SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-JRE\n IBMJava2-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5063230 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(66344);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for IBM Java2 and SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-JRE\", rpm:\"IBMJava2-JRE~1.4.2_sr13.2~0.7\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:54", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66345", "href": "http://plugins.openvas.org/nasl.php?oid=66345", "sourceData": "#\n#VID slesp2-java-1_4_2-ibm-6648\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-devel\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66345);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-devel\", rpm:\"java-1_4_2-ibm-devel~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.4.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:31", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.4.2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1100"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066348", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066348", "sourceData": "#\n#VID 078e3d197ce1488682c8fe5574f20e9b\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.4.2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_4_2-ibm\n java-1_4_2-ibm-jdbc\n java-1_4_2-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=551829\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66348\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-1100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for IBM Java 1.4.2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm\", rpm:\"java-1_4_2-ibm~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-jdbc\", rpm:\"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_4_2-ibm-plugin\", rpm:\"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:50", "description": "The remote host is missing Java for Mac OS X 10.5 Update 4.\n One or more of the following components are affected:\n\n Java", "cvss3": {}, "published": "2010-05-28T00:00:00", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", 
"CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2009-1107", "CVE-2008-5351", "CVE-2009-1719"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102042", "href": "http://plugins.openvas.org/nasl.php?oid=102042", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 4\n#\n# LSS-NVT-2010-031\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. 
If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT3632\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.5 Update 4.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102042);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1106\",\"CVE-2009-1107\",\"CVE-2008-5352\",\"CVE-2008-5356\",\"CVE-2008-5353\",\"CVE-2008-5354\",\"CVE-2008-5357\",\"CVE-2008-5339\",\"CVE-2009-1104\",\"CVE-2008-5360\",\"CVE-2008-5344\",\"CVE-2008-5345\",\"CVE-2008-5346\",\"CVE-2009-1103\",\"CVE-2008-5347\",\"CVE-2008-5348\",\"CVE-2008-5349\",\"CVE-2008-5350\",\"CVE-2008-5351\",\"CVE-2009-1100\",\"CVE-2009-1101\",\"CVE-2009-1099\",\"CVE-2009-1098\",\"CVE-2009-1097\",\"CVE-2009-1095\",\"CVE-2009-1096\",\"CVE-2009-1094\",\"CVE-2009-1093\",\"CVE-2008-5341\",\"CVE-2008-5359\",\"CVE-2008-5342\",\"CVE-2008-5340\",\"CVE-2008-2086\",\"CVE-2008-5343\",\"CVE-2009-1719\");\n script_name(\"Java for Mac OS X 10.5 Update 4\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-06T16:46:56", "description": "The remote host is missing Java for Mac OS X 10.5 Update 4.", "cvss3": {}, "published": "2010-05-28T00:00:00", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5344", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2008-5346", "CVE-2009-1096", "CVE-2008-5339", "CVE-2009-1099", "CVE-2009-1097", "CVE-2008-5341", "CVE-2008-5340", "CVE-2008-5359", "CVE-2008-5349", "CVE-2008-5343", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5357", "CVE-2008-5360", "CVE-2008-5356", "CVE-2008-2086", "CVE-2009-1100", "CVE-2008-5342", "CVE-2008-5353", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-1106", "CVE-2008-5350", "CVE-2009-1103", "CVE-2008-5345", "CVE-2008-5347", "CVE-2008-5354", "CVE-2009-1101", "CVE-2009-1107", "CVE-2008-5351", "CVE-2009-1719"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310102042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102042", "sourceData": 
"###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 4\n#\n# LSS-NVT-2010-031\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102042\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2008-5352\", \"CVE-2008-5356\", \"CVE-2008-5353\",\n \"CVE-2008-5354\", \"CVE-2008-5357\", \"CVE-2008-5339\", \"CVE-2009-1104\", \"CVE-2008-5360\",\n \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2009-1103\", \"CVE-2008-5347\",\n \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2009-1100\",\n \"CVE-2009-1101\", \"CVE-2009-1099\", \"CVE-2009-1098\", \"CVE-2009-1097\", \"CVE-2009-1095\",\n \"CVE-2009-1096\", \"CVE-2009-1094\", \"CVE-2009-1093\", \"CVE-2008-5341\", \"CVE-2008-5359\",\n \"CVE-2008-5342\", \"CVE-2008-5340\", \"CVE-2008-2086\", \"CVE-2008-5343\", \"CVE-2009-1719\");\n script_name(\"Java for Mac OS X 10.5 Update 
4\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3632\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Java for Mac OS X 10.5 Update 4.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Java\");\n\n script_tag(name:\"solution\", value:\"Update your Java for Mac OS X. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.5\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:39:19", "description": 
"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-06-15T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1379", "CVE-2009-1099", "CVE-2009-1377", "CVE-2009-0792", "CVE-2009-1268", "CVE-2009-1266", "CVE-2007-6725", "CVE-2009-0688", "CVE-2009-1100", "CVE-2009-1210", "CVE-2009-1378", "CVE-2008-6679", "CVE-2009-1492", "CVE-2009-0159", "CVE-2008-6123", "CVE-2009-1098", "CVE-2009-1267", "CVE-2009-1094", "CVE-2009-1274", "CVE-2009-1269", "CVE-2009-0241", "CVE-2009-1103", "CVE-2009-1364", "CVE-2007-5400", "CVE-2009-1252", "CVE-2009-1107", "CVE-2009-1493"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064196", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064196", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_011.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:011\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64196\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2007-5400\", \"CVE-2007-6725\", \"CVE-2008-6123\", \"CVE-2008-6679\", \"CVE-2009-0159\", \"CVE-2009-0196\", \"CVE-2009-0241\", \"CVE-2009-0688\", \"CVE-2009-0792\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\", \"CVE-2009-1210\", \"CVE-2009-1252\", \"CVE-2009-1266\", \"CVE-2009-1267\", \"CVE-2009-1268\", \"CVE-2009-1269\", \"CVE-2009-1274\", \"CVE-2009-1364\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1492\", \"CVE-2009-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:011\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_security2\", rpm:\"apache2-mod_security2~2.5.6~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~182.2.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~437.37.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm\", rpm:\"gdbm~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm-devel\", rpm:\"gdbm-devel~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.23_0.1~6.6.20\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-browse0\", rpm:\"libpulse-browse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-devel\", rpm:\"libpulse-devel~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-mainloop-glib0\", rpm:\"libpulse-mainloop-glib0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse0\", rpm:\"libpulse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.30.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.30.3~0.1.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.23_0.1~0.1.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-client\", rpm:\"nfs-client~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-doc\", rpm:\"nfs-doc~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-kernel-server\", rpm:\"nfs-kernel-server~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.1~10.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango\", rpm:\"pango~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res 
= isrpmvuln(pkg:\"pango-devel\", rpm:\"pango-devel~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-doc\", rpm:\"pango-doc~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-module-thai-lang\", rpm:\"pango-module-thai-lang~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-lang\", rpm:\"pulseaudio-lang~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.14~2.2.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-manager\", rpm:\"virt-manager~0.5.3~64.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-viewer\", rpm:\"virt-viewer~0.0.3~3.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vm-install\", rpm:\"vm-install~0.3.24~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~51.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"acerhk-kmp-debug\", rpm:\"acerhk-kmp-debug~0.5.35_2.6.25.20_0.4~98.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acx-kmp-debug\", rpm:\"acx-kmp-debug~20080210_2.6.25.20_0.4~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"appleir-kmp-debug\", rpm:\"appleir-kmp-debug~1.1_2.6.25.20_0.4~108.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at76_usb-kmp-debug\", rpm:\"at76_usb-kmp-debug~0.17_2.6.25.20_0.4~2.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"atl2-kmp-debug\", rpm:\"atl2-kmp-debug~2.0.4_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20080429_2.6.25.20_0.4~13.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.4.4_2.6.25.20_0.4~42.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~413.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.6_2.6.25.20_0.4~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gspcav-kmp-debug\", rpm:\"gspcav-kmp-debug~01.00.20_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.25.20_0.4~63.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~1.0.3_2.6.25.20_0.4~66.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", 
rpm:\"kernel-default~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.3.0pre11_2.6.25.20_0.4~7.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.20_0.4~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kmp-debug\", rpm:\"omnibook-kmp-debug~20080313_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcc-acpi-kmp-debug\", rpm:\"pcc-acpi-kmp-debug~0.9_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.25.20_0.4~207.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.25.20_0.4~189.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"uvcvideo-kmp-debug\", rpm:\"uvcvideo-kmp-debug~r200_2.6.25.20_0.4~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~1.5.6_2.6.25.20_0.4~33.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.04.14_2.6.25.20_0.4~21.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wlan-ng-kmp-debug\", rpm:\"wlan-ng-kmp-debug~0.2.8_2.6.25.20_0.4~107.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~11.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~376.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", 
rpm:\"wireshark-devel~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:54", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-06-15T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0196", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-1379", "CVE-2009-1099", "CVE-2009-1377", "CVE-2009-0792", "CVE-2009-1268", "CVE-2009-1266", "CVE-2007-6725", "CVE-2009-0688", "CVE-2009-1100", "CVE-2009-1210", "CVE-2009-1378", "CVE-2008-6679", "CVE-2009-1492", "CVE-2009-0159", "CVE-2008-6123", "CVE-2009-1098", "CVE-2009-1267", "CVE-2009-1094", "CVE-2009-1274", "CVE-2009-1269", "CVE-2009-0241", "CVE-2009-1103", "CVE-2009-1364", "CVE-2007-5400", "CVE-2009-1252", "CVE-2009-1107", "CVE-2009-1493"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64196", "href": "http://plugins.openvas.org/nasl.php?oid=64196", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_011.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:011\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:011. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(64196);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2007-5400\", \"CVE-2007-6725\", \"CVE-2008-6123\", \"CVE-2008-6679\", \"CVE-2009-0159\", \"CVE-2009-0196\", \"CVE-2009-0241\", \"CVE-2009-0688\", \"CVE-2009-0792\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\", \"CVE-2009-1210\", \"CVE-2009-1252\", \"CVE-2009-1266\", \"CVE-2009-1267\", \"CVE-2009-1268\", \"CVE-2009-1269\", \"CVE-2009-1274\", \"CVE-2009-1364\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1492\", \"CVE-2009-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:011\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_security2\", rpm:\"apache2-mod_security2~2.5.6~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.23_0.1~1.32.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.23_0.1~1.7.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~182.2.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~182.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.23_0.1~1.49.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~437.37.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.23_0.1~1.19.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~172.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm\", rpm:\"gdbm~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gdbm-devel\", rpm:\"gdbm-devel~1.8.3~371.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.23_0.1~2.40.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.23_0.1~89.11.12\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.23~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.23_0.1~2.1.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.23_0.1~6.6.20\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-browse0\", rpm:\"libpulse-browse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-devel\", rpm:\"libpulse-devel~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse-mainloop-glib0\", rpm:\"libpulse-mainloop-glib0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpulse0\", rpm:\"libpulse0~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.13.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.30.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.30.3~0.1.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.23_0.1~0.1.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-client\", rpm:\"nfs-client~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-doc\", rpm:\"nfs-doc~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-kernel-server\", rpm:\"nfs-kernel-server~1.1.3~18.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.23_0.1~21.15.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.1~10.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.23_0.1~2.36.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango\", rpm:\"pango~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res 
= isrpmvuln(pkg:\"pango-devel\", rpm:\"pango-devel~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-doc\", rpm:\"pango-doc~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pango-module-thai-lang\", rpm:\"pango-module-thai-lang~1.22.1~2.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.23_0.1~227.56.10\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio\", rpm:\"pulseaudio~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-esound-compat\", rpm:\"pulseaudio-esound-compat~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-lang\", rpm:\"pulseaudio-lang~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-bluetooth\", rpm:\"pulseaudio-module-bluetooth~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-gconf\", rpm:\"pulseaudio-module-gconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-jack\", rpm:\"pulseaudio-module-jack~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-lirc\", rpm:\"pulseaudio-module-lirc~0.9.14~2.2.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-x11\", rpm:\"pulseaudio-module-x11~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-module-zeroconf\", rpm:\"pulseaudio-module-zeroconf~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pulseaudio-utils\", rpm:\"pulseaudio-utils~0.9.14~2.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.10~17.30.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.2.1~5.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.25.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-manager\", rpm:\"virt-manager~0.5.3~64.24.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-viewer\", rpm:\"virt-viewer~0.0.3~3.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.23_0.1~2.8.32\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vm-install\", rpm:\"vm-install~0.3.24~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.23_0.1~5.50.25\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.4~2.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~3.3.1_18546_16~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~51.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"acerhk-kmp-debug\", rpm:\"acerhk-kmp-debug~0.5.35_2.6.25.20_0.4~98.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acx-kmp-debug\", rpm:\"acx-kmp-debug~20080210_2.6.25.20_0.4~3.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"appleir-kmp-debug\", rpm:\"appleir-kmp-debug~1.1_2.6.25.20_0.4~108.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"at76_usb-kmp-debug\", rpm:\"at76_usb-kmp-debug~0.17_2.6.25.20_0.4~2.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"atl2-kmp-debug\", rpm:\"atl2-kmp-debug~2.0.4_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20080429_2.6.25.20_0.4~13.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-ntlm\", rpm:\"cyrus-sasl-ntlm~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~140.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.4.4_2.6.25.20_0.4~42.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~413.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.6_2.6.25.20_0.4~0.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~162.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gspcav-kmp-debug\", rpm:\"gspcav-kmp-debug~01.00.20_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.25.20_0.4~63.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ivtv-kmp-debug\", rpm:\"ivtv-kmp-debug~1.0.3_2.6.25.20_0.4~66.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", 
rpm:\"kernel-default~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.25.20~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.3.0pre11_2.6.25.20_0.4~7.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nouveau-kmp-debug\", rpm:\"nouveau-kmp-debug~0.10.1.20081112_2.6.25.20_0.4~0.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"omnibook-kmp-debug\", rpm:\"omnibook-kmp-debug~20080313_2.6.25.20_0.4~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcc-acpi-kmp-debug\", rpm:\"pcc-acpi-kmp-debug~0.9_2.6.25.20_0.4~4.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.25.20_0.4~207.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.9~59.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~77.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tpctl-kmp-debug\", rpm:\"tpctl-kmp-debug~4.17_2.6.25.20_0.4~189.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"uvcvideo-kmp-debug\", rpm:\"uvcvideo-kmp-debug~r200_2.6.25.20_0.4~2.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~1.5.6_2.6.25.20_0.4~33.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.04.14_2.6.25.20_0.4~21.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.0~17.12\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wlan-ng-kmp-debug\", rpm:\"wlan-ng-kmp-debug~0.2.8_2.6.25.20_0.4~107.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"RealPlayer\", rpm:\"RealPlayer~10.0.9~11.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.5~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.24\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl\", rpm:\"cyrus-sasl~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-crammd5\", rpm:\"cyrus-sasl-crammd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-devel\", rpm:\"cyrus-sasl-devel~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-digestmd5\", rpm:\"cyrus-sasl-digestmd5~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-gssapi\", rpm:\"cyrus-sasl-gssapi~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-otp\", rpm:\"cyrus-sasl-otp~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-sasl-plain\", rpm:\"cyrus-sasl-plain~2.1.22~82.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dos2unix\", rpm:\"dos2unix~3.1~376.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core\", rpm:\"ganglia-monitor-core~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-devel\", rpm:\"ganglia-monitor-core-devel~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmetad\", rpm:\"ganglia-monitor-core-gmetad~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-monitor-core-gmond\", rpm:\"ganglia-monitor-core-gmond~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ganglia-webfrontend\", rpm:\"ganglia-webfrontend~2.5.7~99.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-bigsmp\", rpm:\"kernel-bigsmp~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xenpae\", rpm:\"kernel-xenpae~2.6.22.19~0.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8e~45.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"optipng\", rpm:\"optipng~0.6.2~2.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.7~37.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", 
rpm:\"wireshark-devel~0.99.6~31.18\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-18T14:21:46", "description": "It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service.\n(CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service.\n(CVE-2009-1101)\n\nThe Java Runtime Environment did not correctly validate certain generated code. If a user were tricked into running a malicious applet a remote attacker could execute arbitrary code. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. (CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. 
(CVE-2009-1097, CVE-2009-1098).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-748-1.NASL", "href": "https://www.tenable.com/plugins/nessus/36366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-748-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36366);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34240);\n script_xref(name:\"USN\", value:\"748-1\");\n\n script_name(english:\"Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that font creation could leak temporary files. If a\nuser were tricked into loading a malicious program or applet, a remote\nattacker could consume disk space, leading to a denial of service.\n(CVE-2006-2426, CVE-2009-1100)\n\nIt was discovered that the lightweight HttpServer did not correctly\nclose files on dataless connections. A remote attacker could send\nspecially crafted requests, leading to a denial of service.\n(CVE-2009-1101)\n\nThe Java Runtime Environment did not correctly validate certain\ngenerated code. If a user were tricked into running a malicious applet\na remote attacker could execute arbitrary code. (CVE-2009-1102)\n\nIt was discovered that LDAP connections did not close correctly. A\nremote attacker could send specially crafted requests, leading to a\ndenial of service. (CVE-2009-1093)\n\nJava LDAP routines did not unserialize certain data correctly. A\nremote attacker could send specially crafted requests that could lead\nto arbitrary code execution. 
(CVE-2009-1094)\n\nJava did not correctly check certain JAR headers. If a user or\nautomated system were tricked into processing a malicious JAR file, a\nremote attacker could crash the application, leading to a denial of\nservice. (CVE-2009-1095, CVE-2009-1096)\n\nIt was discovered that PNG and GIF decoding in Java could lead to\nmemory corruption. If a user or automated system were tricked into\nprocessing a specially crafted image, a remote attacker could crash\nthe application, leading to a denial of service. (CVE-2009-1097,\nCVE-2009-1098).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/748-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source-files\", pkgver:\"6b12-0ubuntu6.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea6-plugin / openjdk-6-dbg / openjdk-6-demo / openjdk-6-doc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:57", "description": "From Red Hat Security Advisory 2009:0377 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response 
Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. 
An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/67831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0377 and \n# Oracle Linux Security Advisory ELSA-2009-0377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67831);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux 
host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0377 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. 
(CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. 
(CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-April/000953.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:05", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. 
A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. 
(CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-04-08T00:00:00", "type": "nessus", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/36111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0377. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36111);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. 
(CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. 
A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. (CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1102\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0377\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0377\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:43:41", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. 
An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. 
(CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-0377.NASL", "href": "https://www.tenable.com/plugins/nessus/43736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0377 and \n# CentOS Errata and Security Advisory 2009:0377 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43736);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\", \"CVE-2009-1102\");\n 
script_bugtraq_id(34185, 34240);\n script_xref(name:\"RHSA\", value:\"2009:0377\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way that the Java Virtual Machine (JVM)\nhandled temporary font files. A malicious applet could use this flaw\nto use large amounts of disk space, causing a denial of service.\n(CVE-2006-2426)\n\nA memory leak flaw was found in LittleCMS (embedded in OpenJDK). An\napplication using color profiles could use excessive amounts of\nmemory, and possibly crash after using all available memory, if used\nto open specially crafted images. (CVE-2009-0581)\n\nMultiple integer overflow flaws which could lead to heap-based buffer\noverflows, as well as multiple insufficient input validation flaws,\nwere found in the way LittleCMS handled color profiles. An attacker\ncould use these flaws to create a specially crafted image file which\ncould cause a Java application to crash or, possibly, execute\narbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)\n\nA NULL pointer dereference flaw was found in LittleCMS. An application\nusing color profiles could crash while converting a specially crafted\nimage file. 
(CVE-2009-0793)\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling could allow a remote attacker to cause a denial of service on\nthe server application hosting the JAX-WS service endpoint.\n(CVE-2009-1101)\n\nA flaw in the way the Java Runtime Environment initialized LDAP\nconnections could allow a remote, authenticated user to cause a denial\nof service on the LDAP service. (CVE-2009-1093)\n\nA flaw in the Java Runtime Environment LDAP client could allow\nmalicious data from an LDAP server to cause arbitrary code to be\nloaded and then run on an LDAP client. (CVE-2009-1094)\n\nSeveral buffer overflow flaws were found in the Java Runtime\nEnvironment unpack200 functionality. An untrusted applet could extend\nits privileges, allowing it to read and write local files, as well as\nto execute local applications with the privileges of the user running\nthe applet. (CVE-2009-1095, CVE-2009-1096)\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nfunctionality could allow untrusted applets to extend their\nprivileges. An untrusted applet could extend its privileges, allowing\nit to read and write local files, as well as execute local\napplications with the privileges of the user running the applet.\n(CVE-2009-1102)\n\nA buffer overflow flaw was found in the splash screen processing. A\nremote attacker could extend privileges to read and write local files,\nas well as to execute local applications with the privileges of the\nuser running the java process. (CVE-2009-1097)\n\nA buffer overflow flaw was found in how GIF images were processed. A\nremote attacker could extend privileges to read and write local files,\nas well as execute local applications with the privileges of the user\nrunning the java process. 
(CVE-2009-1098)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-1095,\nCVE-2009-1096, and CVE-2009-1102, can only be triggered in\njava-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015734.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acd4c7e9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-April/015735.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db5eb3c6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:24", "description": "Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform.\n\n - CVE-2006-2426 Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition.\n\n - CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793\n\n Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581 ), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733 ), and a NULL pointer dereference, leading to denial of service 
(CVE-2009-0793 ).\n\n - CVE-2009-1093 The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition.\n\n - CVE-2009-1094 The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client.\n\n - CVE-2009-1101 The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability.\n\n - CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098\n\n Several issues in Java Web Start have been addressed.\n The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless.", "cvss3": {}, "published": "2009-04-13T00:00:00", "type": "nessus", "title": "Debian DSA-1769-1 : openjdk-6 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1769.NASL", "href": "https://www.tenable.com/plugins/nessus/36142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1769. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36142);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-0581\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0793\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1101\");\n script_bugtraq_id(34185, 34240, 34411);\n script_xref(name:\"DSA\", value:\"1769\");\n\n script_name(english:\"Debian DSA-1769-1 : openjdk-6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.\n\n - CVE-2006-2426\n Creation of large, temporary fonts could use up\n available disk space, leading to a denial of service\n condition.\n\n - CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 /\n CVE-2009-0793\n\n Several vulnerabilities existed in the embedded\n LittleCMS library, exploitable through crafted images: a\n memory leak, resulting in a denial of service condition\n (CVE-2009-0581 ), heap-based buffer overflows,\n potentially allowing arbitrary code execution\n (CVE-2009-0723, CVE-2009-0733 ), and a NULL pointer\n dereference, leading to denial of service (CVE-2009-0793\n ).\n\n - CVE-2009-1093\n The LDAP server implementation (in com.sun.jdni.ldap)\n did not properly close sockets if an error was\n encountered, leading to a denial-of-service condition.\n\n - CVE-2009-1094\n The LDAP client implementation (in com.sun.jdni.ldap)\n allowed malicious LDAP servers to execute arbitrary 
code\n on the client.\n\n - CVE-2009-1101\n The HTTP server implementation (sun.net.httpserver)\n contained an unspecified denial of service\n vulnerability.\n\n - CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 /\n CVE-2009-1098\n\n Several issues in Java Web Start have been addressed.\n The Debian packages currently do not support Java Web\n Start, so these issues are not directly exploitable, but\n the relevant code has been updated nevertheless.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1101\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1769\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-dbg\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-demo\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-doc\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jdk\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jre\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b11-9.1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"openjdk-6-source\", reference:\"6b11-9.1+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:04", "description": "Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK :\n\nA memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581).\n\nMultiple integer overflows allow remote attackers to execute arbitrary 
code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723).\n\nMultiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733).\n\nA flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793).\n\nFurther security fixes in the JRE and in the Java API of OpenJDK :\n\nA flaw in handling temporary font files by the Java Virtual Machine (JVM) allows remote attackers to cause denial of service (CVE-2006-2426).\n\nAn integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service (CVE-2009-0794).\n\nA flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause denial of service on the LDAP service (CVE-2009-1093).\n\nA flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via malicious server response (CVE-2009-1094).\n\nBuffer overflows in the the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via an crafted applet (CVE-2009-1095, CVE-2009-1096).\n\nA buffer overflow in the splash screen processing allows a attackers to execute arbitrary code (CVE-2009-1097).\n\nA buffer overflow in GIF images handling allows remote attackers to execute arbitrary code via an crafted GIF image (CVE-2009-1098).\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling allows remote attackers to cause a denial of service on the service endpoint's server side (CVE-2009-1101).\n\nA flaw in the Java Runtime Environment Virtual Machine code generation allows remote attackers to 
execute arbitrary code via a crafted applet (CVE-2009-1102).\n\nThis update provides fixes for these issues.\n\nUpdate :\n\njava-1.6.0-openjdk requires rhino packages and these has been further updated.", "cvss3": {}, "published": "2009-06-21T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-0794", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:java-1.6.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src", "p-cpe:/a:mandriva:linux:rhino", "p-cpe:/a:mandriva:linux:rhino-demo", "p-cpe:/a:mandriva:linux:rhino-javadoc", "p-cpe:/a:mandriva:linux:rhino-manual", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-137.NASL", "href": "https://www.tenable.com/plugins/nessus/39478", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:137. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39478);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-0581\",\n \"CVE-2009-0723\",\n \"CVE-2009-0733\",\n \"CVE-2009-0793\",\n \"CVE-2009-0794\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\"\n );\n script_bugtraq_id(\n 34185,\n 34240,\n 34411\n );\n script_xref(name:\"MDVSA\", value:\"2009:137\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities has been identified and fixed in\nLittle cms library embedded in OpenJDK :\n\nA memory leak flaw allows remote attackers to cause a denial of\nservice (memory consumption and application crash) via a crafted image\nfile (CVE-2009-0581).\n\nMultiple integer overflows allow remote attackers to execute arbitrary\ncode via a crafted image file that triggers a heap-based buffer\noverflow (CVE-2009-0723).\n\nMultiple stack-based buffer overflows allow remote attackers to\nexecute arbitrary code via a crafted image file associated with a\nlarge integer value for the (1) input or (2) output channel\n(CVE-2009-0733).\n\nA flaw in the transformations of monochrome profiles allows remote\nattackers to cause denial of service triggered by a NULL pointer\ndereference via a crafted image file (CVE-2009-0793).\n\nFurther security fixes in the JRE and 
in the Java API of OpenJDK :\n\nA flaw in handling temporary font files by the Java Virtual Machine\n(JVM) allows remote attackers to cause denial of service\n(CVE-2006-2426).\n\nAn integer overflow flaw was found in Pulse-Java when handling Pulse\naudio source data lines. An attacker could use this flaw to cause an\napplet to crash, leading to a denial of service (CVE-2009-0794).\n\nA flaw in Java Runtime Environment initialized LDAP connections allows\nauthenticated remote users to cause denial of service on the LDAP\nservice (CVE-2009-1093).\n\nA flaw in the Java Runtime Environment LDAP client in handling server\nLDAP responses allows remote attackers to execute arbitrary code on\nthe client side via malicious server response (CVE-2009-1094).\n\nBuffer overflows in the the Java Runtime Environment unpack200 utility\nallow remote attackers to execute arbitrary code via an crafted applet\n(CVE-2009-1095, CVE-2009-1096).\n\nA buffer overflow in the splash screen processing allows a attackers\nto execute arbitrary code (CVE-2009-1097).\n\nA buffer overflow in GIF images handling allows remote attackers to\nexecute arbitrary code via an crafted GIF image (CVE-2009-1098).\n\nA flaw in the Java API for XML Web Services (JAX-WS) service endpoint\nhandling allows remote attackers to cause a denial of service on the\nservice endpoint's server side (CVE-2009-1101).\n\nA flaw in the Java Runtime Environment Virtual Machine code generation\nallows remote attackers to execute arbitrary code via a crafted applet\n(CVE-2009-1102).\n\nThis update provides fixes for these issues.\n\nUpdate :\n\njava-1.6.0-openjdk requires rhino packages and these has been further\nupdated.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rhino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rhino-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rhino-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rhino-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rhino-1.7-0.0.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rhino-demo-1.7-0.0.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rhino-javadoc-1.7-0.0.2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rhino-manual-1.7-0.0.2.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rhino-1.7-0.0.3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rhino-demo-1.7-0.0.3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rhino-javadoc-1.7-0.0.3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"rhino-manual-1.7-0.0.3.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:39", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :\n\n - A denial of service vulnerability affects the JRE LDAP implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. 
(254569)\n\n - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)\n\n - A privilege escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a privilege escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affected the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. (254609)", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) 
(Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_254569_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64829);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(34240);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a runtime environment that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 /\n1.3.1_25. Such versions are potentially affected by the following\nsecurity issues :\n\n - A denial of service vulnerability affects the JRE LDAP\n implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP\n implementation may allow for arbitrary code to be run in\n the context of the affected LDAP client. 
(254569)\n\n - There are multiple integer and buffer overflow\n vulnerabilities when unpacking applets and Java Web\n Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities\n related to the storing and processing of temporary font\n files. (254608)\n\n - A privilege escalation vulnerability affects the Java\n Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded\n from the localhost to connect to arbitrary ports on the\n local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious\n JavaScript code to exploit vulnerabilities in earlier\n versions of the JRE that have been loaded by an applet\n located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing\n 'crossdomain.xml' allows an untrusted applet to connect\n to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to\n obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a\n privilege escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affected the JRE HTTP\n server implementation, which could be used to cause a\n denial of service on a JAX-WS service endpoint. 
(254609)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020224.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020225.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020226.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020228.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020229.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020230.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020231.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u13-142696.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18, SDK\n/ JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if necessary,\nany affected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-2])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-7])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-4]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_13 / 1.5.0_18 / 1.4.2_20 / 1.3.1_25\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' 
installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:36", "description": "Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. 
All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0392.NASL", "href": "https://www.tenable.com/plugins/nessus/40741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0392. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40741);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:0392\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment\nand the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. 
(CVE-2006-2426, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102,\nCVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,\nCVE-2009-1107)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues. All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0392\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", 
reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.13-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:31", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. 
All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0394.NASL", "href": "https://www.tenable.com/plugins/nessus/40742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0394. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40742);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:0394\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment\nand the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099,\nCVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues. 
All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?025abcaa\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0394\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", 
reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", 
reference:\"java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:13", "description": "This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section.\n\nAll running instances of Sun Java must be restarted for the update to take effect.\n\nNote: jdk-1.6.0_13-fcs.x86_64.rpm could not be signed. 
All other rpm's are signed with the usual signature.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090326_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60555);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. 
These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section.\n\nAll running instances of Sun Java must be restarted for the update to\ntake effect.\n\nNote: jdk-1.6.0_13-fcs.x86_64.rpm could not be signed. All other rpm's\nare signed with the usual signature.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=467\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94b61170\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-sun-compat and / or jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"java-1.6.0-sun-compat-1.6.0.13-1.sl4.jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"jdk-1.6.0_13-fcs\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-sun-compat-1.6.0.13-1.sl5.jpp\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jdk-1.6.0_13-fcs\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:05", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues :\n\n - A denial of service vulnerability affects the JRE LDAP implementation. (254569).\n\n - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. 
(254569)\n\n - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities related to the storing and processing of temporary font files. (254608)\n\n - A privilege-escalation vulnerability affects the Java Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded from the localhost to connect to arbitrary ports on the local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious JavaScript code to exploit vulnerabilities in earlier versions of the JRE that have been loaded by an applet located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing 'crossdomain.xml' allows an untrusted applet to connect to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a privilege-escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affects the JRE HTTP server implementation, which could be used to cause a denial of service on a JAX-WS service endpoint. 
(254609)", "cvss3": {}, "published": "2009-03-27T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_254569.NASL", "href": "https://www.tenable.com/plugins/nessus/36034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36034);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2006-2426\",\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\"\n );\n script_bugtraq_id(34240);\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 /\n1.3.1_25. Such versions are potentially affected by the following\nsecurity issues :\n\n - A denial of service vulnerability affects the JRE LDAP\n implementation. 
(254569).\n\n - A remote code execution vulnerability in the JRE LDAP\n implementation may allow for arbitrary code to be run in\n the context of the affected LDAP client. (254569)\n\n - There are multiple integer and buffer overflow\n vulnerabilities when unpacking applets and Java Web\n Start applications using the 'unpack2000' utility.\n (254570)\n\n - There are multiple denial of service vulnerabilities\n related to the storing and processing of temporary font\n files. (254608)\n\n - A privilege-escalation vulnerability affects the Java\n Plug-in when deserializing applets. (254611)\n\n - A weakness in the Java Plug-in allows JavaScript loaded\n from the localhost to connect to arbitrary ports on the\n local system. (254611)\n\n - A vulnerability in the Java Plug-in allows malicious\n JavaScript code to exploit vulnerabilities in earlier\n versions of the JRE that have been loaded by an applet\n located on the same web page. (254611)\n\n - An issue exists in the Java Plug-in when parsing\n 'crossdomain.xml' allows an untrusted applet to connect\n to an arbitrary site hosting a 'crossdomain.xml' file.\n (254611)\n\n - The Java Plug-in allows a malicious signed applet to\n obscure the contents of a security dialog. (254611)\n\n - The JRE Virtual Machine is affected by a\n privilege-escalation vulnerability. (254610)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of PNG and GIF images.\n (254571)\n\n - There are multiple buffer overflow vulnerabilities\n involving the JRE's processing of fonts. (254571)\n\n - A denial of service vulnerability affects the JRE HTTP\n server implementation, which could be used to cause a\n denial of service on a JAX-WS service endpoint. 
(254609)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020224.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020225.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020226.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020228.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020229.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020230.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020231.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/6u13-142696.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html\");\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-142120.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2825206\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 13, JDK / JRE 5.0 Update 18,\nSDK / JRE 1.4.2_20, or SDK / JRE 1.3.1_25 or later and remove, if\nnecessary, any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-2])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-7])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-4]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_13 / 1.5.0_18 / 1.4.2_20 / 1.3.1_25\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n 
security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:35", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\n - LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). (CVE-2009-1093)\n\n - Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. (CVE-2009-1094)\n\n - Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1095)\n\n - Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. 
(CVE-2009-1096)\n\n - Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n (CVE-2009-1097)\n\n - Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier;\n and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. (CVE-2009-1098)\n\n - Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n (CVE-2009-1099)\n\n - Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n (CVE-2009-1100)\n\n - Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'. (CVE-2009-1101)\n\n - Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'. 
(CVE-2009-1102)\n\n - Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier;\n 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860. (CVE-2009-1103)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. (CVE-2009-1104)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. (CVE-2009-1105)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. (CVE-2009-1106)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871. 
(CVE-2009-1107)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/41407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41407);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\n - LdapCtx in the LDAP service in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier; 6 Update 12 and earlier; SDK and JRE\n 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not\n close the connection when initialization fails, which\n allows remote attackers to cause a denial of service\n (LDAP service hang). (CVE-2009-1093)\n\n - Unspecified vulnerability in the LDAP implementation in\n Java SE Development Kit (JDK) and Java Runtime\n Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\n and earlier; SDK and JRE 1.3.1_24 and earlier; and\n 1.4.2_19 and earlier allows remote LDAP servers to\n execute arbitrary code via unknown vectors related to\n serialized data. 
(CVE-2009-1094)\n\n - Integer overflow in unpack200 in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a JAR file with crafted Pack200 headers. (CVE-2009-1095)\n\n - Buffer overflow in unpack200 in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a JAR file with crafted Pack200 headers. (CVE-2009-1096)\n\n - Multiple buffer overflows in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 6 Update 12 and\n earlier allow remote attackers to access files or\n execute arbitrary code via a crafted (1) PNG image, aka\n CR 6804996, and (2) GIF image, aka CR 6804997.\n (CVE-2009-1097)\n\n - Buffer overflow in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 5.0 Update 17 and\n earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier;\n and 1.3.1_24 and earlier allows remote attackers to\n access files or execute arbitrary code via a crafted GIF\n image, aka CR 6804998. 
(CVE-2009-1098)\n\n - Integer signedness error in Java SE Development Kit\n (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\n and earlier, and 6 Update 12 and earlier, allows remote\n attackers to access files or execute arbitrary code via\n a crafted Type1 font, which triggers a buffer overflow.\n (CVE-2009-1099)\n\n - Multiple unspecified vulnerabilities in Java SE\n Development Kit (JDK) and Java Runtime Environment (JRE)\n 5.0 Update 17 and earlier, and 6 Update 12 and earlier,\n allow remote attackers to cause a denial of service\n (disk consumption) via vectors related to temporary font\n files and (1) 'limits on Font creation,' aka CR 6522586,\n and (2) another unspecified vector, aka CR 6632886.\n (CVE-2009-1100)\n\n - Unspecified vulnerability in the lightweight HTTP server\n implementation in Java SE Development Kit (JDK) and Java\n Runtime Environment (JRE) 6 Update 12 and earlier allows\n remote attackers to cause a denial of service (probably\n resource consumption) for a JAX-WS service endpoint via\n a connection without any data, which triggers a file\n descriptor 'leak.'. (CVE-2009-1101)\n\n - Unspecified vulnerability in the Virtual Machine in Java\n SE Development Kit (JDK) and Java Runtime Environment\n (JRE) 6 Update 12 and earlier allows remote attackers to\n access files and execute arbitrary code via unknown\n vectors related to 'code generation.'. (CVE-2009-1102)\n\n - Unspecified vulnerability in the Java Plug-in in Java SE\n Development Kit (JDK) and Java Runtime Environment (JRE)\n 5.0 Update 17 and earlier; 6 Update 12 and earlier;\n 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\n remote attackers to access files and execute arbitrary\n code via unknown vectors related to 'deserializing\n applets,' aka CR 6646860. 
(CVE-2009-1103)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 5.0 Update 17 and\n earlier; 6 Update 12 and earlier; and 1.4.2_19 and\n earlier does not prevent JavaScript that is loaded from\n the localhost from connecting to other ports on the\n system, which allows user-assisted attackers to bypass\n intended access restrictions via LiveConnect, aka CR\n 6724331. NOTE: this vulnerability can be leveraged with\n separate cross-site scripting (XSS) vulnerabilities for\n remote attack vectors. (CVE-2009-1104)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12, 11, and 10\n allows user-assisted remote attackers to cause a trusted\n applet to run in an older JRE version, which can be used\n to exploit vulnerabilities in that older version, aka CR\n 6706490. (CVE-2009-1105)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12, 11, and 10\n does not properly parse crossdomain.xml files, which\n allows remote attackers to bypass intended access\n restrictions and connect to arbitrary sites via unknown\n vectors, aka CR 6798948. (CVE-2009-1106)\n\n - The Java Plug-in in Java SE Development Kit (JDK) and\n Java Runtime Environment (JRE) 6 Update 12 and earlier,\n and 5.0 Update 17 and earlier, allows remote attackers\n to trick a user into trusting a signed applet via\n unknown vectors that misrepresent the security warning\n dialog, related to a 'Swing JLabel HTML parsing\n vulnerability,' aka CR 6782871. 
(CVE-2009-1107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1102.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1106.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 699.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:12", 
"description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness 
error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to 
bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", 
"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_6_0-SUN-6128.NASL", "href": "https://www.tenable.com/plugins/nessus/36071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-6128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36071);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)\");\n script_summary(english:\"Check for the java-1_6_0-sun-6128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 
Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka 
CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. 
NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u12-1.4\") ) flag++;\nif ( 
rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u12-1.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-src-1.6.0.u12-1.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:35", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 
Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute 
arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-07-21T00:00:00", 
"type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-090328.NASL", "href": "https://www.tenable.com/plugins/nessus/40242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40242);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)\");\n script_summary(english:\"Check for the java-1_6_0-sun-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka 
CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from 
connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", 
reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:32", "description": "The Sun JDK 6 was updated to Update13 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 
headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'code generation.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java 
Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)", "bulletinFamily": "scanner", 
"cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_6_0-SUN-090327.NASL", "href": "https://www.tenable.com/plugins/nessus/40003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40003);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)\");\n script_summary(english:\"Check for the java-1_6_0-sun-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 6 was updated to Update13 to fix various bugs 
and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1097: Multiple buffer overflows in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow\nremote attackers to access files or execute arbitrary code via a\ncrafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR\n6804997.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java 
Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1101: Unspecified vulnerability in the lightweight HTTP\nserver implementation in Java SE Development Kit (JDK) and Java\nRuntime Environment (JRE) 6 Update 12 and earlier allows remote\nattackers to cause a denial of service (probably resource consumption)\nfor a JAX-WS service endpoint via a connection without any data, which\ntriggers a file descriptor 'leak.'\n\nCVE-2009-1102: Unspecified vulnerability in the Virtual Machine in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 6\nUpdate 12 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'code\ngeneration.'\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended 
access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1105: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 allows\nuser-assisted remote attackers to cause a trusted applet to run in an\nolder JRE version, which can be used to exploit vulnerabilities in\nthat older version, aka CR 6706490.\n\nCVE-2009-1106: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12, 11, and 10 does not\nproperly parse crossdomain.xml files, which allows remote attackers to\nbypass intended access restrictions and connect to arbitrary sites via\nunknown vectors, aka CR 6798948.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=488926\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-alsa-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-demo-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", 
reference:\"java-1_6_0-sun-devel-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-plugin-1.6.0.u13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-src-1.6.0.u13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:07", "description": "IBM Java 6 SR 5 was released fixing various bugs and critical security issues :\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing PNG images may allow an untrusted Java Web Start application to escalate privileges. 
For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1099)\n\n - A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition. 
(CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE) HTTP server implementation may allow a remote client to create a denial-of-service condition on a JAX-WS service endpoint that runs on the JRE. (CVE-2009-1101)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - The Java Plug-in allows a trusted applet to be launched on an earlier version of the Java Runtime Environment (JRE) provided the user that downloaded the applet allows it to run on the requested release. A vulnerability allows JavaScript code that is present in the same web page as the applet to exploit known vulnerabilities of the requested JRE. (CVE-2009-1105)\n\n - A vulnerability in the Java Runtime Environment with parsing crossdomain.xml files may allow an untrusted applet to connect to any site that provides a crossdomain.xml file instead of sites that allow the domain that the applet is running on. (CVE-2009-1106)\n\n - The Java Plugin displays a warning dialog for signed applets. 
A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-090629.NASL", "href": "https://www.tenable.com/plugins/nessus/41406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41406);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR 5 was released fixing various bugs and critical security\nissues :\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. 
(CVE-2009-1095\n / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing PNG images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application may\n grant itself permissions to read and write local files\n or execute local applications that are accessible to the\n user running the untrusted application. (CVE-2009-1097)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing GIF images may allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing fonts may allow an untrusted\n applet or Java Web Start application to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1099)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with storing temporary font files may allow an untrusted\n applet or application to consume a disproportionate\n amount of disk space resulting in a denial-of-service\n condition. 
(CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n HTTP server implementation may allow a remote client to\n create a denial-of-service condition on a JAX-WS service\n endpoint that runs on the JRE. (CVE-2009-1101)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - The Java Plug-in allows a trusted applet to be launched\n on an earlier version of the Java Runtime Environment\n (JRE) provided the user that downloaded the applet\n allows it to run on the requested release. A\n vulnerability allows JavaScript code that is present in\n the same web page as the applet to exploit known\n vulnerabilities of the requested JRE. (CVE-2009-1105)\n\n - A vulnerability in the Java Runtime Environment with\n parsing crossdomain.xml files may allow an untrusted\n applet to connect to any site that provides a\n crossdomain.xml file instead of sites that allow the\n domain that the applet is running on. (CVE-2009-1106)\n\n - The Java Plugin displays a warning dialog for signed\n applets. 
A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=494536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=516361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1093.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1095.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1097.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1098.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1100.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1101.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1105.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1106.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1107.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1058.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0-124.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0-124.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:30", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. 
(CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR9-SSU Java release. All running instances of IBM Java must be restarted for this update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/40745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1038. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40745);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:1038\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR9-SSU Java release. 
All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1038\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1038\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.5.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.5.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.9-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.9-1jpp.3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:23", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.6.0 
Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR5 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1198.NASL", "href": "https://www.tenable.com/plugins/nessus/40747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# 
The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1198. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40747);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\");\n script_bugtraq_id(34240);\n script_xref(name:\"RHSA\", value:\"2009:1198\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. 
(CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098,\nCVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103,\nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR5 Java release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1198\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1198\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.5-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.5-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.5-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.5-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:13", "description": "The Sun JDK 5 was updated to Update18 to fix various bugs and security issues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in 
Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) 'limits on Font creation,' aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 
6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to 'deserializing applets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a 'Swing JLabel HTML parsing vulnerability,' aka CR 6782871.", "cvss3": {}, "published": "2009-04-01T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_5_0-SUN-6125.NASL", "href": "https://www.tenable.com/plugins/nessus/36070", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-6125.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36070);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6125)\");\n script_summary(english:\"Check for the java-1_5_0-sun-6125 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun JDK 5 was updated to Update18 to fix various bugs and security\nissues.\n\nCVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6\nUpdate 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19\nand earlier does not close the connection when initialization fails,\nwhich allows remote attackers to cause a denial of service (LDAP\nservice hang).\n\nCVE-2009-1094: Unspecified vulnerability in the LDAP implementation in\nJava SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0\nUpdate 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24\nand earlier; and 1.4.2_19 and earlier allows remote LDAP servers to\nexecute arbitrary code via unknown vectors related to serialized data.\n\nCVE-2009-1095: Integer overflow in unpack200 in Java SE Development\nKit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and\nearlier, and 6 
Update 12 and earlier, allows remote attackers to\naccess files or execute arbitrary code via a JAR file with crafted\nPack200 headers.\n\nCVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a JAR file with crafted Pack200 headers.\n\nCVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows\nremote attackers to access files or execute arbitrary code via a\ncrafted GIF image, aka CR 6804998.\n\nCVE-2009-1099: Integer signedness error in Java SE Development Kit\n(JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier,\nand 6 Update 12 and earlier, allows remote attackers to access files\nor execute arbitrary code via a crafted Type1 font, which triggers a\nbuffer overflow.\n\nCVE-2009-1100: Multiple unspecified vulnerabilities in Java SE\nDevelopment Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17\nand earlier, and 6 Update 12 and earlier, allow remote attackers to\ncause a denial of service (disk consumption) via vectors related to\ntemporary font files and (1) 'limits on Font creation,' aka CR\n6522586, and (2) another unspecified vector, aka CR 6632886.\n\nCVE-2009-1103: Unspecified vulnerability in the Java Plug-in in Java\nSE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update\n17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and\n1.3.1_24 and earlier allows remote attackers to access files and\nexecute arbitrary code via unknown vectors related to 'deserializing\napplets,' aka CR 6646860.\n\nCVE-2009-1104: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12\nand earlier; and 1.4.2_19 and earlier does not 
prevent JavaScript that\nis loaded from the localhost from connecting to other ports on the\nsystem, which allows user-assisted attackers to bypass intended access\nrestrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability\ncan be leveraged with separate cross-site scripting (XSS)\nvulnerabilities for remote attack vectors.\n\nCVE-2009-1107: The Java Plug-in in Java SE Development Kit (JDK) and\nJava Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update\n17 and earlier, allows remote attackers to trick a user into trusting\na signed applet via unknown vectors that misrepresent the security\nwarning dialog, related to a 'Swing JLabel HTML parsing\nvulnerability,' aka CR 6782871.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/01\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update18-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update18-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:08", "description": "The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues: CVE-2009-1100: A vulnerability in the Java Runtime Environment (JRE) with storing temporary font files may allow an untrusted applet or application to consume a disproportionate amount of disk space resulting in a denial-of-service condition.\n\n - A vulnerability in the Java Runtime Environment (JRE) with processing temporary font files may allow an untrusted applet or application to retain temporary files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing applets may allow an untrusted applet to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities in a blended attack to access other applications listening on ports other than the one where the JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client implementation may allow malicious data from an LDAP server to cause malicious code to be unexpectedly loaded and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed applets. 
A signed applet can obscure the contents of the dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime Environment (JRE) with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2009-1095 / CVE-2009-1096)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2009-1098)\n\n - A buffer overflow vulnerability in the Java Runtime Environment with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 
(CVE-2009-1099)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 6253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6253.NASL", "href": "https://www.tenable.com/plugins/nessus/41528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41528);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 6253)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update brings IBM Java 5 to SR9-SSU.\n\nIt fixes a lot of security issues: CVE-2009-1100: A vulnerability in\nthe Java Runtime Environment (JRE) with storing temporary font files\nmay allow an untrusted applet or application to consume a\ndisproportionate amount of disk space resulting in a denial-of-service\ncondition.\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with processing temporary font files may allow an\n untrusted applet or application to 
retain temporary\n files resulting in a denial-of-service condition.\n (CVE-2009-1100)\n\n - A vulnerability in the Java Plug-in with deserializing\n applets may allow an untrusted applet to escalate\n privileges. For example, an untrusted applet may grant\n itself permissions to read and write local files or\n execute local applications that are accessible to the\n user running the untrusted applet. (CVE-2009-1103)\n\n - The Java Plug-in allows JavaScript code that is loaded\n from the localhost to connect to any port on the system.\n This may be leveraged together with XSS vulnerabilities\n in a blended attack to access other applications\n listening on ports other than the one where the\n JavaScript code was served from. (CVE-2009-1104)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with initializing LDAP connections may be exploited by a\n remote client to cause a denial-of-service condition on\n the LDAP service. (CVE-2009-1093)\n\n - A vulnerability in Java Runtime Environment LDAP client\n implementation may allow malicious data from an LDAP\n server to cause malicious code to be unexpectedly loaded\n and executed on an LDAP client. (CVE-2009-1094)\n\n - The Java Plugin displays a warning dialog for signed\n applets. A signed applet can obscure the contents of the\n dialog and trick a user into trusting the applet.\n (CVE-2009-1107)\n\n - Buffer overflow vulnerabilities in the Java Runtime\n Environment (JRE) with unpacking applets and Java Web\n Start applications using the unpack200 JAR unpacking\n utility may allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n may grant itself permissions to read and write local\n files or execute local applications that are accessible\n to the user running the untrusted applet. (CVE-2009-1095\n / CVE-2009-