The Sun Java JRE/JDK 5 was updated to Update 20, fixing various security issues.
#### Solution
There is no known workaround; please install the update packages.
{"openvas": [{"lastseen": "2018-04-06T11:40:14", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:043.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064641", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064641", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_043.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun Java JRE /JDK 5 was updated to Update 20 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and\nJRE 5.0 before Update 20, allows remote attackers to discover the\nuser name of the account that invoked an untrusted (1) applet or (2)\nJava Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and\nJRE 5.0 before Update 20, does not prevent access to browser cookies\nby untrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended access\nrestrictions and connect to arbitrary sites via unspecified vectors,\nrelated to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web 
Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or\n(2) Java Web Start application that grants permissions to itself,\nrelated to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in\nSDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or\nmodify arbitrary files via vectors involving an untrusted Java applet.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:043\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:043.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64641\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", 
rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u15~0.1\", 
rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:12", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:043.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64641", "href": "http://plugins.openvas.org/nasl.php?oid=64641", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_043.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Sun Java JRE /JDK 5 was updated to Update 20 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and\nJRE 5.0 before Update 20, allows remote attackers to discover the\nuser name of the account that invoked an untrusted (1) applet or (2)\nJava Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and\nJRE 5.0 before Update 20, does not prevent access to browser cookies\nby untrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to 
hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended access\nrestrictions and connect to arbitrary sites via unspecified vectors,\nrelated to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or\n(2) Java Web Start application that grants permissions to itself,\nrelated to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in\nSDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or\nmodify arbitrary files via vectors involving an untrusted Java applet.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:043\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:043.\";\n\n \n\nif(description)\n{\n script_id(64641);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n 
script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", 
rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", 
rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:50", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1582.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. 
(CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR6 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1582", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66242", "href": "http://plugins.openvas.org/nasl.php?oid=66242", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1582.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1582 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1582.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR6 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66242);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1582\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1582.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:48", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1582.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR6 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1582", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066242", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066242", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1582.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1582 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1582.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR6 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66242\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1582\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1582.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.6~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.6~1jpp.3.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:35", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1236.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR10 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\n\nNote: The packages included in this update are identical to the packages\nmade available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of\nAugust 2009. These packages are being reissued as a Red Hat Security\nAdvisory as they fixed a number of security issues that were not made\npublic until after those errata were released. 
Since the packages are\nidentical, there is no need to install this update if RHEA-2009:1208 or\nRHEA-2009:1210 has already been installed.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1236", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64672", "href": "http://plugins.openvas.org/nasl.php?oid=64672", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1236.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1236 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1236.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR10 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\n\nNote: The packages included in this update are identical to the packages\nmade available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of\nAugust 2009. These packages are being reissued as a Red Hat Security\nAdvisory as they fixed a number of security issues that were not made\npublic until after those errata were released. Since the packages are\nidentical, there is no need to install this update if RHEA-2009:1208 or\nRHEA-2009:1210 has already been installed.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64672);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1236\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1236.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", 
rpm:\"java-1.5.0-ibm-devel~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) 
{\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:57", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1236.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR10 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\n\nNote: The packages included in this update are identical to the packages\nmade available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of\nAugust 2009. These packages are being reissued as a Red Hat Security\nAdvisory as they fixed a number of security issues that were not made\npublic until after those errata were released. 
Since the packages are\nidentical, there is no need to install this update if RHEA-2009:1208 or\nRHEA-2009:1210 has already been installed.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1236", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064672", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064672", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1236.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1236 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1236.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR10 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\n\nNote: The packages included in this update are identical to the packages\nmade available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of\nAugust 2009. These packages are being reissued as a Red Hat Security\nAdvisory as they fixed a number of security issues that were not made\npublic until after those errata were released. Since the packages are\nidentical, there is no need to install this update if RHEA-2009:1208 or\nRHEA-2009:1210 has already been installed.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64672\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1236\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1236.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.10~1jpp.4.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.10~1jpp.4.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:42", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-0217", "CVE-2009-2493", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066230", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066230", "sourceData": "#\n#VID 27428b62b5ccd6ac2929bae4bea6f2dd\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=548655\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66230\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2676\", \"CVE-2009-2493\", \"CVE-2009-2670\", \"CVE-2009-0217\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2625\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:21", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for IBM Java 1.6.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-0217", "CVE-2009-2493", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66230", "href": "http://plugins.openvas.org/nasl.php?oid=66230", "sourceData": "#\n#VID 27428b62b5ccd6ac2929bae4bea6f2dd\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for IBM Java 1.6.0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_6_0-ibm\n java-1_6_0-ibm-alsa\n java-1_6_0-ibm-fonts\n java-1_6_0-ibm-jdbc\n java-1_6_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=548655\");\n script_id(66230);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2676\", \"CVE-2009-2493\", \"CVE-2009-2670\", \"CVE-2009-0217\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2625\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for IBM Java 1.6.0\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm\", rpm:\"java-1_6_0-ibm~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-alsa\", rpm:\"java-1_6_0-ibm-alsa~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-fonts\", rpm:\"java-1_6_0-ibm-fonts~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-jdbc\", rpm:\"java-1_6_0-ibm-jdbc~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-ibm-plugin\", rpm:\"java-1_6_0-ibm-plugin~1.6.0_sr6~1.1.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:29", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1199.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. 
These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1199", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2689", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064589", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064589", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1199.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1199 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1199.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64589\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2475\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2689\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1199\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1199.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:46", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1199.\n\nThe 
Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1199", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2689", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64589", "href": "http://plugins.openvas.org/nasl.php?oid=64589", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1199.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1199 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1199.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64589);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2475\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2689\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1199\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1199.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.20~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun\", rpm:\"java-1.5.0-sun~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-demo\", rpm:\"java-1.5.0-sun-demo~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-devel\", rpm:\"java-1.5.0-sun-devel~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-jdbc\", rpm:\"java-1.5.0-sun-jdbc~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-plugin\", rpm:\"java-1.5.0-sun-plugin~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-sun-src\", rpm:\"java-1.5.0-sun-src~1.5.0.20~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:16", "description": "This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.", "cvss3": 
{}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Aug09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2689", "CVE-2009-2673", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2019-05-03T00:00:00", "id": "OPENVAS:1361412562310800867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Aug09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800867\");\n script_version(\"2019-05-03T13:51:56+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 13:51:56 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\",\n \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2475\",\n \"CVE-2009-2689\");\n script_bugtraq_id(35939, 35943, 35944);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Aug09\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36159\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36162\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36180\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36199\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/javase/6/webnotes/6u15.html\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1\");\n script_xref(name:\"URL\", 
value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\", \"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win_or_Linux/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allows remote attacker to gain privileges via\n untrusted applet or Java Web Start application in the context of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE version 6 before Update 15 or 5.0 before Update 20\");\n\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 15 or 5 Update 20.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(jdkVer)\n{\n if(version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.14\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(isnull(jreVer))\n{\n jreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\n if(isnull(jreVer))\n exit(0);\n}\n\nif(jreVer)\n{\n if(version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.14\")){\n security_message( port: 0, data: \"The target host was found to 
be vulnerable\" );\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-11-13T13:01:40", "description": "This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Aug09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2689", "CVE-2009-2673", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800867", "href": "http://plugins.openvas.org/nasl.php?oid=800867", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_aug09.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Aug09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 15 or 5 Update 20\n http://java.sun.com/javase/downloads/index.jsp\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n or\n Apply the patch from below link,\n http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1\n http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\n http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation could allows remote attacker to gain privileges via\n untrusted applet or Java Web Start application in the context of the affected\n system.\n Impact Level: System/Application\";\ntag_affected = \"Sun Java JDK/JRE version 6 before Update 15 or 5.0 before Update 20\";\ntag_insight = \"Refer to the reference links for more information on the vulnerabilities.\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800867);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\",\n \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2475\",\n \"CVE-2009-2689\");\n script_bugtraq_id(35939, 35943, 35944);\n 
script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Aug09\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36159\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36162\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36180\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36199\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/javase/6/webnotes/6u15.html\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\", \"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win_or_Linux/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Get KB for JDK Version On Windows\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(jdkVer)\n{\n # Check for 1.5 < 1.5.0_20 (5 Update 20) or 1.6 < 1.6.0_15 (6 Update 15)\n if(version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.14\"))\n {\n security_message(0);\n exit(0);\n 
}\n}\n\n# Get KB for JRE Version On Windows\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(isnull(jreVer))\n{\n # Get KB for JRE Version On Linux\n jreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\n if(isnull(jreVer))\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.5 < 1.5.0_20 (5 Update 20) or 1.6 < 1.6.0_15 (6 Update 15)\n if(version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:41", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1200.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,\nCVE-2009-2675, CVE-2009-2676, CVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. 
All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1200", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064590", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064590", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1200.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1200 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1200.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,\nCVE-2009-2675, CVE-2009-2676, CVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64590\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1200\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1200.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", 
rpm:\"java-1.6.0-sun~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:29", 
"description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1200.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,\nCVE-2009-2675, CVE-2009-2676, CVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1200", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64590", "href": "http://plugins.openvas.org/nasl.php?oid=64590", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1200.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1200 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1200.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the Advance notification of Security\nUpdates for Java SE page from Sun Microsystems, listed in the References\nsection. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,\nCVE-2009-2675, CVE-2009-2676, CVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64590);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1200\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1200.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.15~1jpp.1.el4\", 
rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.15~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun\", rpm:\"java-1.6.0-sun~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-demo\", rpm:\"java-1.6.0-sun-demo~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-devel\", rpm:\"java-1.6.0-sun-devel~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-jdbc\", rpm:\"java-1.6.0-sun-jdbc~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-plugin\", rpm:\"java-1.6.0-sun-plugin~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-sun-src\", rpm:\"java-1.6.0-sun-src~1.6.0.15~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:46", "description": "The remote host is missing an update to 
openjdk-6\nannounced via advisory USN-814-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Ubuntu USN-814-1 (openjdk-6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2676", "CVE-2009-2675"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64654", "href": "http://plugins.openvas.org/nasl.php?oid=64654", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_814_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_814_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-814-1 (openjdk-6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.10:\n icedtea6-plugin 6b12-0ubuntu6.5\n openjdk-6-jre 6b12-0ubuntu6.5\n openjdk-6-jre-lib 6b12-0ubuntu6.5\n\nUbuntu 9.04:\n icedtea6-plugin 6b14-1.4.1-0ubuntu11\n openjdk-6-jre 6b14-1.4.1-0ubuntu11\n openjdk-6-jre-lib 6b14-1.4.1-0ubuntu11\n\nAfter a standard system upgrade you need to restart any Java applications\nto effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-814-1\";\n\ntag_insight = \"It was discovered that the XML HMAC signature system did not\ncorrectly check certain lengths. If an attacker sent a truncated\nHMAC, it could bypass authentication, leading to potential privilege\nescalation. (CVE-2009-0217)\n\nIt was discovered that certain variables could leak information. If a\nuser were tricked into running a malicious Java applet, a remote attacker\ncould exploit this gain access to private information and potentially\nrun untrusted code. (CVE-2009-2475, CVE-2009-2690)\n\nA flaw was discovered the OpenType checking. If a user were tricked\ninto running a malicious Java applet, a remote attacker could bypass\naccess restrictions. (CVE-2009-2476)\n\nIt was discovered that the XML processor did not correctly check\nrecursion. If a user or automated system were tricked into processing\na specially crafted XML, the system could crash, leading to a denial of\nservice. (CVE-2009-2625)\n\nIt was discovered that the Java audio subsystem did not correctly validate\ncertain parameters. If a user were tricked into running an untrusted\napplet, a remote attacker could read system properties. 
(CVE-2009-2670)\n\nMultiple flaws were discovered in the proxy subsystem. If a user\nwere tricked into running an untrusted applet, a remote attacker could\ndiscover local user names, obtain access to sensitive information, or\nbypass socket restrictions, leading to a loss of privacy. (CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673)\n\nFlaws were discovered in the handling of JPEG images, Unpack200 archives,\nand JDK13Services. If a user were tricked into running an untrusted\napplet, a remote attacker could load a specially crafted file that would\nbypass local file access protections and run arbitrary code with user\nprivileges. (CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)\";\ntag_summary = \"The remote host is missing an update to openjdk-6\nannounced via advisory USN-814-1.\";\n\n \n\n\nif(description)\n{\n script_id(64654);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2690\", \"CVE-2009-2689\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-814-1 (openjdk-6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-814-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.5\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b14-1.4.1-0ubuntu11\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:14", "description": "The remote host is missing updates to OpenJDK 6 Software Development Kit\nannounced in advisory RHSA-2009:1201.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.", "cvss3": {}, "published": "2009-08-17T00:00:00", 
"type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1201", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64591", "href": "http://plugins.openvas.org/nasl.php?oid=64591", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1201.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1201 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"All users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\nPlease note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\ntag_summary = \"The remote host is missing updates to OpenJDK 6 Software Development Kit\nannounced in advisory RHSA-2009:1201.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\";\n\n\n\n\nif(description)\n{\n script_id(64591);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1201\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1201.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:21", "description": "Check for the Version of java", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2009:1201 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880916", "href": "http://plugins.openvas.org/nasl.php?oid=880916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2009:1201 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit. 
The Java Runtime Environment (JRE)\n contains the software and tools that users need to run applications written\n using the Java programming language.\n\n A flaw was found in the way the XML Digital Signature implementation in the\n JRE handled HMAC-based XML signatures. An attacker could use this flaw to\n create a crafted signature that could allow them to bypass authentication,\n or trick a user, applet, or application into accepting untrusted content.\n (CVE-2009-0217)\n \n Several potential information leaks were found in various mutable static\n variables. These could be exploited in application scenarios that execute\n untrusted scripting code. (CVE-2009-2475)\n \n It was discovered that OpenType checks can be bypassed. This could allow a\n rogue application to bypass access restrictions by acquiring references to\n privileged objects through finalizer resurrection. (CVE-2009-2476)\n \n A denial of service flaw was found in the way the JRE processes XML. A\n remote attacker could use this flaw to supply crafted XML that would lead\n to a denial of service. (CVE-2009-2625)\n \n A flaw was found in the JRE audio system. An untrusted applet or\n application could use this flaw to gain read access to restricted System\n properties. (CVE-2009-2670)\n \n Two flaws were found in the JRE proxy implementation. An untrusted applet\n or application could use these flaws to discover the usernames of users\n running applets and applications, or obtain web browser cookies and use\n them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n \n An additional flaw was found in the proxy mechanism implementation. This\n flaw allowed an untrusted applet or application to bypass access\n restrictions and communicate using non-authorized socket or URL connections\n to hosts other than the origin host. (CVE-2009-2673) \n \n An integer overflow flaw was found in the way the JRE processes JPEG\n images. 
An untrusted application could use this flaw to extend its\n privileges, allowing it to read and write local files, as well as to\n execute local applications with the privileges of the user running the\n application. (CVE-2009-2674)\n \n An integer overflow flaw was found in the JRE unpack200 functionality. An\n untrusted applet or application could extend its privileges, allowing it to\n read and write local files, as well as to execute local applications with\n the privileges of the user running the applet or application. (CVE-2009-2675)\n \n It was discovered that JDK13Services grants unnecess ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"java on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-August/016065.html\");\n script_id(880916);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1201\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_name(\"CentOS Update for java CESA-2009:1201 centos5 i386\");\n\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-1.6.0.0\", rpm:\"java-1.6.0-openjdk-1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel-1.6.0.0\", rpm:\"java-1.6.0-openjdk-devel-1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc-1.6.0.0\", rpm:\"java-1.6.0-openjdk-javadoc-1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:13", "description": "Oracle Linux Local Security Checks ELSA-2009-1201", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1201", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", 
"CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122459", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122459", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1201.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122459\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:47 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1201\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1201 - java-1.6.0-openjdk security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1201\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1201.html\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-2675\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.2.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.2.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", 
rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.2.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:57", "description": "The remote host is missing updates to OpenJDK 6 Software Development Kit\nannounced in advisory RHSA-2009:1201.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1201", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064591", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064591", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1201.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1201 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"All users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\nPlease note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\ntag_summary = \"The remote host is missing updates to OpenJDK 6 Software Development Kit\nannounced in advisory RHSA-2009:1201.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\";\n\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64591\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1201\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1201.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:36", "description": "The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:1201.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064660", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064660", "sourceData": "#CESA-2009:1201 64660 2\n# $Id: ovcesa2009_1201.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1201 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1201\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1201\nhttps://rhn.redhat.com/errata/RHSA-2009-1201.html\";\ntag_summary = \"The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:1201.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64660\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:32", "description": "The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:1201.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", 
"CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64660", "href": "http://plugins.openvas.org/nasl.php?oid=64660", "sourceData": "#CESA-2009:1201 64660 2\n# $Id: ovcesa2009_1201.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1201 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1201\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1201\nhttps://rhn.redhat.com/errata/RHSA-2009-1201.html\";\ntag_summary = \"The remote host is missing updates to java-1.6.0-openjdk announced in\nadvisory CESA-2009:1201.\";\n\n\n\nif(description)\n{\n script_id(64660);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-14T19:04:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2009:1201 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", 
"CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310880916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880916", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-August/016065.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880916\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1201\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", 
\"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_name(\"CentOS Update for java CESA-2009:1201 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\n contains the software and tools that users need to run applications written\n using the Java programming language.\n\n A flaw was found in the way the XML Digital Signature implementation in the\n JRE handled HMAC-based XML signatures. An attacker could use this flaw to\n create a crafted signature that could allow them to bypass authentication,\n or trick a user, applet, or application into accepting untrusted content.\n (CVE-2009-0217)\n\n Several potential information leaks were found in various mutable static\n variables. These could be exploited in application scenarios that execute\n untrusted scripting code. (CVE-2009-2475)\n\n It was discovered that OpenType checks can be bypassed. This could allow a\n rogue application to bypass access restrictions by acquiring references to\n privileged objects through finalizer resurrection. (CVE-2009-2476)\n\n A denial of service flaw was found in the way the JRE processes XML. A\n remote attacker could use this flaw to supply crafted XML that would lead\n to a denial of service. (CVE-2009-2625)\n\n A flaw was found in the JRE audio system. 
An untrusted applet or\n application could use this flaw to gain read access to restricted System\n properties. (CVE-2009-2670)\n\n Two flaws were found in the JRE proxy implementation. An untrusted applet\n or application could use these flaws to discover the usernames of users\n running applets and applications, or obtain web browser cookies and use\n them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n\n An additional flaw was found in the proxy mechanism implementation. This\n flaw allowed an untrusted applet or application to bypass access\n restrictions and communicate using non-authorized socket or URL connections\n to hosts other than the origin host. (CVE-2009-2673)\n\n An integer overflow flaw was found in the way the JRE processes JPEG\n images. An untrusted application could use this flaw to extend its\n privileges, allowing it to read and write local files, as well as to\n execute local applications with the privileges of the user running the\n application. (CVE-2009-2674)\n\n An integer overflow flaw was found in the JRE unpack200 functionality. An\n untrusted applet or application could extend its privileges, allowing it to\n read and write local files, as well as to execute local applications with\n the privileges of the user running the applet or application. 
(CVE-2009-2675)\n\n It was discovered that JDK13Services grants unnecess ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS5\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.2.b09.el5\", rls:\"CentOS5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:13", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8329.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", 
"CVE-2009-2673", "CVE-2009-2674", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064613", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064613", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8329.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8329 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUrgent security updates have been included\n\nChangeLog:\n\n* Tue Aug 4 2009 Lillian Angel - 1:1.6.0-27.b16\n- Updated java-1.6.0-openjdk-netx.patch, and renamed to\njava-1.6.0-openjdk-netxandplugin.patch.\n- Added java-1.6.0-openjdk-securitypatches.patch.\n- Resolves: rhbz#512101 rhbz#512896 rhbz#512914 rhbz#512907 rhbz#512921\n\t rhbz#511915 rhbz#512915 rhbz#512920 rhbz#512714 rhbz#513215\n\t rhbz#513220 rhbz#513222 rhbz#513223 rhbz#503794\n* Mon Aug 3 2009 Christopher Aillon - 1:1.6.0.0-26.b16\n- Rebuild against newer gecko\n* Fri Jul 17 2009 Jan Horak - 1:1.6.0.0-25.b16\n- Rebuild against newer gecko\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update java-1.6.0-openjdk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8329\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8329.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64613\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-1896\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513215\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513220\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512921\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512914\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512920\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513222\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513223\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512101\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~27.b16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~demo~1.6.0.0\", 
rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~devel~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~javadoc~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~plugin~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~src~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~debuginfo~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:42", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8337.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064615", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8337.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8337 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The OpenJDK runtime environment.\n\nUpdate Information:\n\nUrgent security fixes have been included.\nChangeLog:\n\n* Wed Aug 5 2009 Lillian Angel - 1:1.6.0-20.b16\n- Updated java-1.6.0-openjdk-netx.patch, and renamed to\n java-1.6.0-openjdk-netxandplugin.patch.\n- Added java-1.6.0-openjdk-securitypatches.patch.\n- Resolves: rhbz#512101 rhbz#512896 rhbz#512914 rhbz#512907 rhbz#512921\n rhbz#511915 rhbz#512915 rhbz#512920 rhbz#512714 rhbz#513215\n rhbz#513220 rhbz#513222 rhbz#513223 rhbz#503794\n* Thu Jul 9 2009 Lillian Angel - 1:1.6.0-19.b16\n- Added java-1.6.0-openjdk-netx.patch\n- Moved policytool to devel package.\n- Updated release.\n- Resolves: rhbz#507870\n- Resolves: rhbz#471346\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update java-1.6.0-openjdk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8337\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8337.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64615\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-1896\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513215\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513220\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512921\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512914\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512920\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513222\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513223\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512101\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~20.b16.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~demo~1.6.0.0\", 
rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~devel~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~javadoc~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~plugin~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~src~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~debuginfo~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8337.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64615", "href": "http://plugins.openvas.org/nasl.php?oid=64615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8337.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8337 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The OpenJDK runtime environment.\n\nUpdate Information:\n\nUrgent security fixes have been included.\nChangeLog:\n\n* Wed Aug 5 2009 Lillian Angel - 1:1.6.0-20.b16\n- Updated java-1.6.0-openjdk-netx.patch, and renamed to\n java-1.6.0-openjdk-netxandplugin.patch.\n- Added java-1.6.0-openjdk-securitypatches.patch.\n- Resolves: rhbz#512101 rhbz#512896 rhbz#512914 rhbz#512907 rhbz#512921\n rhbz#511915 rhbz#512915 rhbz#512920 rhbz#512714 rhbz#513215\n rhbz#513220 rhbz#513222 rhbz#513223 rhbz#503794\n* Thu Jul 9 2009 Lillian Angel - 1:1.6.0-19.b16\n- Added java-1.6.0-openjdk-netx.patch\n- Moved policytool to devel package.\n- Updated release.\n- Resolves: rhbz#507870\n- Resolves: rhbz#471346\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update java-1.6.0-openjdk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8337\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8337.\";\n\n\n\nif(description)\n{\n script_id(64615);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-1896\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513215\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513220\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512921\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512914\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512920\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513222\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513223\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512101\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~20.b16.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~demo~1.6.0.0\", 
rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~devel~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~javadoc~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~plugin~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~src~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~debuginfo~1.6.0.0\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:00", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8329.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64613", "href": "http://plugins.openvas.org/nasl.php?oid=64613", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8329.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8329 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUrgent security updates have been included\n\nChangeLog:\n\n* Tue Aug 4 2009 Lillian Angel - 1:1.6.0-27.b16\n- Updated java-1.6.0-openjdk-netx.patch, and renamed to\njava-1.6.0-openjdk-netxandplugin.patch.\n- Added java-1.6.0-openjdk-securitypatches.patch.\n- Resolves: rhbz#512101 rhbz#512896 rhbz#512914 rhbz#512907 rhbz#512921\n\t rhbz#511915 rhbz#512915 rhbz#512920 rhbz#512714 rhbz#513215\n\t rhbz#513220 rhbz#513222 rhbz#513223 rhbz#503794\n* Mon Aug 3 2009 Christopher Aillon - 1:1.6.0.0-26.b16\n- Rebuild against newer gecko\n* Fri Jul 17 2009 Jan Horak - 1:1.6.0.0-25.b16\n- Rebuild against newer gecko\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update java-1.6.0-openjdk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8329\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory FEDORA-2009-8329.\";\n\n\n\nif(description)\n{\n script_id(64613);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-1896\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=511915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513215\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513220\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512921\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512914\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512920\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513222\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513223\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=512101\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~27.b16.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~demo~1.6.0.0\", 
rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~devel~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~javadoc~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~plugin~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~src~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~debuginfo~1.6.0.0\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-06T16:46:58", "description": "The remote host is missing Java for Mac OS X 10.5 Update 5.", "cvss3": {}, "published": "2010-05-28T00:00:00", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2205", "CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2723", "CVE-2009-2722", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2019-12-05T00:00:00", "id": "OPENVAS:1361412562310102043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102043", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 5\n#\n# LSS-NVT-2010-032\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102043\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2670\", \"CVE-2009-2690\", \"CVE-2009-0217\",\n \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2689\",\n \"CVE-2009-2675\", \"CVE-2009-2625\", \"CVE-2009-2722\", \"CVE-2009-2723\", \"CVE-2009-2205\");\n script_name(\"Java for Mac OS X 10.5 Update 5\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.5\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3851\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Java for Mac OS X 10.5 Update 5.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n 
Java\");\n\n script_tag(name:\"solution\", value:\"Update your Java for Mac OS X. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.5\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"5\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"5\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:59", "description": "The remote host is missing Java for Mac OS X 10.5 Update 5.\n One or more of the following components are affected:\n\n Java", "cvss3": {}, "published": "2010-05-28T00:00:00", "type": "openvas", "title": "Java for Mac OS X 10.5 Update 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2205", "CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2723", "CVE-2009-2722", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102043", "href": "http://plugins.openvas.org/nasl.php?oid=102043", "sourceData": 
"###################################################################\n# OpenVAS Vulnerability Test\n#\n# Java for Mac OS X 10.5 Update 5\n#\n# LSS-NVT-2010-032\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Java for Mac OS X.\n\n For more information see:\n http://support.apple.com/kb/HT3851\";\n\ntag_summary = \"The remote host is missing Java for Mac OS X 10.5 Update 5.\n One or more of the following components are affected:\n\n Java\";\n\n\nif(description)\n{\n script_id(102043);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 13:49:16 +0200 (Fri, 28 May 2010)\");\n script_cve_id(\"CVE-2009-2475\",\"CVE-2009-2476\",\"CVE-2009-2670\",\"CVE-2009-2690\",\"CVE-2009-0217\",\"CVE-2009-2671\",\"CVE-2009-2672\",\"CVE-2009-2673\",\"CVE-2009-2674\",\"CVE-2009-2689\",\"CVE-2009-2675\",\"CVE-2009-2625\",\"CVE-2009-2722\",\"CVE-2009-2723\",\"CVE-2009-2205\");\n script_name(\"Java for Mac OS X 10.5 Update 5\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\");\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"5\")) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n\tif (isosxpkgvuln(fixed:\"com.apple.pkg.JavaForMacOSX10.5Update\", diff:\"5\")) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:20", "description": "The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:209.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2675"], "modified": 
"2018-04-06T00:00:00", "id": "OPENVAS:136141256231064681", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064681", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_209.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:209 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple Java OpenJDK security vulnerabilities has been identified\nand fixed. For details, please visit the referenced security\nadvisories.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:209\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:209.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64681\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-1896\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:04", "description": "The remote host is missing an update to 
java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:209.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2476", "CVE-2009-0217", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2625", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2671", "CVE-2009-2675"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64681", "href": "http://plugins.openvas.org/nasl.php?oid=64681", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_209.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:209 (java-1.6.0-openjdk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple Java OpenJDK security vulnerabilities has been identified\nand fixed. 
For details, please visit the referenced security\nadvisories.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:209\";\ntag_summary = \"The remote host is missing an update to java-1.6.0-openjdk\nannounced via advisory MDVSA-2009:209.\";\n\n \n\nif(description)\n{\n script_id(64681);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-1896\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.3mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-plugin\", rpm:\"java-1.6.0-openjdk-plugin~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~0.20.b16.0.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:15", "description": "This host is installed with Sun Java 
JDK/JRE/SDK and is prone to\n an unspecified vulnerability.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2676"], "modified": "2018-12-03T00:00:00", "id": "OPENVAS:1361412562310800869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800869", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_se_unspecified_vuln_aug09.nasl 12629 2018-12-03 15:19:43Z cfischer $\n#\n# Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800869\");\n script_version(\"$Revision: 12629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2676\");\n script_bugtraq_id(35946);\n script_name(\"Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36159\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\", \"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win_or_Linux/installed\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage this issue by modifying or creating of files on\n the affected application.\");\n\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE version 6 before Update 15 or 5.0 before Update 20\n Sun Java SDK/JRE version prior to 1.4.2_22.\");\n\n script_tag(name:\"insight\", value:\"An unspecified vulnerability exists in 
'JNLPAppletlauncher' class, which can\n be exploited via vectors involving an untrusted Java applet.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE/SDK and is prone to\n an unspecified vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 15 or 5 Update 20\n\n or\n\n Upgrade to SDK/JRE version 1.4.2_22.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(jdkVer)\n{\n if(version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.14\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(isnull(jreVer))\n{\n jreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\n\n if(isnull(jreVer))\n exit(0);\n}\n\nif(jreVer)\n{\n if(version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.21\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.14\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-11-13T13:00:46", "description": "This host is installed with Sun Java JDK/JRE/SDK and is prone to\n unspecified vulnerability.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2676"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800869", "href": "http://plugins.openvas.org/nasl.php?oid=800869", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_se_unspecified_vuln_aug09.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 15 or 5 Update 20\n http://java.sun.com/javase/downloads/index.jsp\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n or\n Upgrade to SDK/JRE version 1.4.2_22\n http://java.sun.com/j2se/1.4.2/download.html\n or\n Apply the patch from below link,\n http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"An attacker may leverage this issue by modifying or creating of files on\n the affected application.\n Impact Level: System/Application\";\ntag_affected = \"Sun Java JDK/JRE version 6 before Update 15 or 5.0 before Update 20\n Sun Java SDK/JRE version prior to 1.4.2_22\";\ntag_insight = \"Unspecified vulnerability exists in 'JNLPAppletlauncher' 
class, which can\n be exploited via vectors involving an untrusted Java applet.\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE/SDK and is prone to\n unspecified vulnerability.\";\n\nif(description)\n{\n script_id(800869);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2676\");\n script_bugtraq_id(35946);\n script_name(\"Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36159\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\", \"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win_or_Linux/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Get KB for JDK Version On Windows\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(jdkVer)\n{\n # Check for 1.5 < 1.5.0_20 (5 Update 20) or 1.6 < 1.6.0_15 (6 Update 15)\n if(version_in_range(version:jdkVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jdkVer, test_version:\"1.6\", 
test_version2:\"1.6.0.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Get KB for JRE version installed on Windows\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(isnull(jreVer))\n{\n # Get KB for JRE version installed on Linux\n jreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\n\n if(isnull(jreVer))\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for JRE version 1.4 < 1.4.2_22 or 1.5 < 1.5.0_20 (5 Update 20) or\n # 1.6 < 1.6.0_15 (6 Update 15)\n if(version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.21\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.19\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:37", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:016. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3241", "CVE-2008-7160", "CVE-2009-2670", "CVE-2009-2476", "CVE-2009-2632", "CVE-2009-2689", "CVE-2009-2690", "CVE-2008-7159", "CVE-2008-5349", "CVE-2009-3231", "CVE-2009-2625", "CVE-2009-2408", "CVE-2009-2673", "CVE-2009-3230", "CVE-2009-3111", "CVE-2009-3051", "CVE-2009-3229", "CVE-2009-2674", "CVE-2009-3235", "CVE-2009-2475", "CVE-2009-1297", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675", "CVE-2009-2661"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066059", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066059", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_016.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:016\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:016. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \n desc = \"\n Summary:\n \" + tag_summary + \"\n Solution:\n \" + tag_solution;\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66059\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2008-5349\", \"CVE-2008-7159\", \"CVE-2008-7160\", \"CVE-2009-1297\", \"CVE-2009-2408\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2632\", \"CVE-2009-2661\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-3051\", \"CVE-2009-3111\", \"CVE-2009-3229\", \"CVE-2009-3230\", \"CVE-2009-3231\", \"CVE-2009-3235\", \"CVE-2009-3241\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:016\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aria2\", rpm:\"aria2~0.16.0~1.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11\", rpm:\"dovecot11~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-backend-mysql\", rpm:\"dovecot11-backend-mysql~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-backend-pgsql\", rpm:\"dovecot11-backend-pgsql~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-backend-sqlite\", rpm:\"dovecot11-backend-sqlite~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-devel\", rpm:\"dovecot11-devel~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-fts-lucene\", rpm:\"dovecot11-fts-lucene~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.9~2.12.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-do\", rpm:\"gnome-do~0.6.1.0~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi\", rpm:\"kiwi~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-isoboot\", rpm:\"kiwi-desc-isoboot~3.01~13.2.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-netboot\", rpm:\"kiwi-desc-netboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-oemboot\", rpm:\"kiwi-desc-oemboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-usbboot\", rpm:\"kiwi-desc-usbboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-vmxboot\", rpm:\"kiwi-desc-vmxboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-xenboot\", rpm:\"kiwi-desc-xenboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-doc\", rpm:\"kiwi-doc~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-instsource\", rpm:\"kiwi-instsource~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-pxeboot\", rpm:\"kiwi-pxeboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-pxeboot-prebuild\", rpm:\"kiwi-pxeboot-prebuild~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-tools\", rpm:\"kiwi-tools~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh-devel\", rpm:\"libssh-devel~0.2~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh-devel-doc\", rpm:\"libssh-devel-doc~0.2~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~0.2~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libusb-0_1-4\", rpm:\"libusb-0_1-4~0.1.12~139.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libusb-devel\", rpm:\"libusb-devel~0.1.12~139.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libusbpp-0_1-4\", rpm:\"libusbpp-0_1-4~0.1.12~139.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.30.13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.30.13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-zypp\", rpm:\"perl-zypp~0.4.8~2.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.11~0.1.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", 
rpm:\"php5-sqlite~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", 
rpm:\"postgresql-contrib~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-zypp\", rpm:\"python-zypp~0.4.8~2.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-zypp\", rpm:\"ruby-zypp~0.4.8~2.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sg3_utils\", rpm:\"sg3_utils~1.27~16.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sg3_utils-devel\", rpm:\"sg3_utils-devel~1.27~16.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.71.11~7.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.4~2.11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.4~2.11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"yast2-gtk\", rpm:\"yast2-gtk~2.17.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.0.12~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.13~24.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.13~24.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", 
rpm:\"php5-calendar~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.11~0.1\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~17.16\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.0~17.16\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.5~6.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.5~6.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.6~47.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-devel\", rpm:\"freeradius-devel~1.1.6~47.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"freeradius-dialupadmin\", rpm:\"freeradius-dialupadmin~1.1.6~47.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.11~0.1\", 
rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.6~31.22\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~0.99.6~31.22\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != 
\"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:19", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:016. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3241", "CVE-2008-7160", "CVE-2009-2670", "CVE-2009-2476", "CVE-2009-2632", "CVE-2009-2689", "CVE-2009-2690", "CVE-2008-7159", "CVE-2008-5349", "CVE-2009-3231", "CVE-2009-2625", "CVE-2009-2408", "CVE-2009-2673", "CVE-2009-3230", "CVE-2009-3111", "CVE-2009-3051", "CVE-2009-3229", "CVE-2009-2674", "CVE-2009-3235", "CVE-2009-2475", "CVE-2009-1297", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2675", "CVE-2009-2661"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66059", "href": "http://plugins.openvas.org/nasl.php?oid=66059", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_016.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:016\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:016. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. 
Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \n desc = \"\n Summary:\n \" + tag_summary + \"\n Solution:\n \" + tag_solution;\nif(description)\n{\n script_id(66059);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2008-5349\", \"CVE-2008-7159\", \"CVE-2008-7160\", \"CVE-2009-1297\", \"CVE-2009-2408\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2632\", \"CVE-2009-2661\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-3051\", \"CVE-2009-3111\", \"CVE-2009-3229\", \"CVE-2009-3230\", \"CVE-2009-3231\", \"CVE-2009-3235\", \"CVE-2009-3241\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:016\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aria2\", rpm:\"aria2~0.16.0~1.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11\", rpm:\"dovecot11~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-backend-mysql\", rpm:\"dovecot11-backend-mysql~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-backend-pgsql\", rpm:\"dovecot11-backend-pgsql~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-backend-sqlite\", rpm:\"dovecot11-backend-sqlite~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-devel\", rpm:\"dovecot11-devel~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot11-fts-lucene\", rpm:\"dovecot11-fts-lucene~1.1.7~1.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-html\", rpm:\"glibc-html~2.9~2.12.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-i18ndata\", rpm:\"glibc-i18ndata~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-info\", rpm:\"glibc-info~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-locale\", rpm:\"glibc-locale~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-obsolete\", rpm:\"glibc-obsolete~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"glibc-profile\", rpm:\"glibc-profile~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-do\", rpm:\"gnome-do~0.6.1.0~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6_b16~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi\", rpm:\"kiwi~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-isoboot\", rpm:\"kiwi-desc-isoboot~3.01~13.2.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-netboot\", rpm:\"kiwi-desc-netboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-oemboot\", rpm:\"kiwi-desc-oemboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-usbboot\", rpm:\"kiwi-desc-usbboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-vmxboot\", rpm:\"kiwi-desc-vmxboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-desc-xenboot\", rpm:\"kiwi-desc-xenboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-doc\", rpm:\"kiwi-doc~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-instsource\", rpm:\"kiwi-instsource~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-pxeboot\", rpm:\"kiwi-pxeboot~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-pxeboot-prebuild\", rpm:\"kiwi-pxeboot-prebuild~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kiwi-tools\", rpm:\"kiwi-tools~3.01~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsatsolver-devel\", rpm:\"libsatsolver-devel~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh-devel\", rpm:\"libssh-devel~0.2~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh-devel-doc\", rpm:\"libssh-devel-doc~0.2~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh2\", rpm:\"libssh2~0.2~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libusb-0_1-4\", rpm:\"libusb-0_1-4~0.1.12~139.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libusb-devel\", rpm:\"libusb-devel~0.1.12~139.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libusbpp-0_1-4\", rpm:\"libusbpp-0_1-4~0.1.12~139.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp\", rpm:\"libzypp~5.30.13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libzypp-devel\", rpm:\"libzypp-devel~5.30.13~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.9~2.12.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-satsolver\", rpm:\"perl-satsolver~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-zypp\", rpm:\"perl-zypp~0.4.8~2.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.11~0.1.1\", 
rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", 
rpm:\"php5-sqlite~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.11~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", 
rpm:\"postgresql-contrib~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.8~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-satsolver\", rpm:\"python-satsolver~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-zypp\", rpm:\"python-zypp~0.4.8~2.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-satsolver\", rpm:\"ruby-satsolver~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-zypp\", rpm:\"ruby-zypp~0.4.8~2.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"satsolver-tools\", rpm:\"satsolver-tools~0.13.8~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sg3_utils\", rpm:\"sg3_utils~1.27~16.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sg3_utils-devel\", rpm:\"sg3_utils-devel~1.27~16.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysconfig\", rpm:\"sysconfig~0.71.11~7.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.4~2.11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.4~2.11.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"yast2-gtk\", rpm:\"yast2-gtk~2.17.14~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"zypper\", rpm:\"zypper~1.0.12~0.1.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.13~24.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.13~24.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6_b16~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", 
rpm:\"php5-calendar~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.11~0.1\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.11~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.8~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~1.0.0~17.16\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~1.0.0~17.16\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot\", rpm:\"dovecot~1.0.5~6.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dovecot-devel\", rpm:\"dovecot-devel~1.0.5~6.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.6~47.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-devel\", rpm:\"freeradius-devel~1.1.6~47.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"freeradius-dialupadmin\", rpm:\"freeradius-dialupadmin~1.1.6~47.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dbase\", rpm:\"php5-dbase~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-hash\", rpm:\"php5-hash~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mhash\", rpm:\"php5-mhash~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-ncurses\", rpm:\"php5-ncurses~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.2.11~0.1\", 
rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.2.11~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.2.14~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark\", rpm:\"wireshark~0.99.6~31.22\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wireshark-devel\", rpm:\"wireshark-devel~0.99.6~31.22\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != 
\"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:35", "description": "This host is installed with Sun Java JDK/JRE and is prone to Integer\n Overflow vulnerability.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2476", "CVE-2009-2716", "CVE-2009-2690", "CVE-2009-2720", "CVE-2009-2674", "CVE-2009-2719"], "modified": "2020-04-27T00:00:00", "id": "OPENVAS:1361412562310800868", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800868", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800868\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2674\", \"CVE-2009-2476\", \"CVE-2009-2690\",\n \"CVE-2009-2716\", \"CVE-2009-2719\", \"CVE-2009-2720\");\n script_bugtraq_id(35942);\n script_name(\"Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36159\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36162\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36176\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36180\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/javase/6/webnotes/6u15.html\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-09-050/\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1\");\n script_xref(name:\"URL\", value:\"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 
Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\", \"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win_or_Linux/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to gain sensitive\n information, and can cause Denial of Service in the context of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE version 6 before Update 15.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist:\n\n - Integer overflow occurs in JRE while vectors involving an untrusted Java Web\n Start application that grants permissions to itself, related to parsing of\n JPEG images.\n\n - Error in the Java Management Extensions (JMX) implementation which does not\n properly enforce OpenType checks.\n\n - Error in encoder which grants read access to private variables with unspecified\n names via an untrusted applet or application.\n\n - The plugin functionality does not properly implement version selection,\n which can be exploited by 'old zip and certificate handling' via unknown\n vectors.\n\n - Unspecified error in the 'javax.swing.plaf.synth.SynthContext.isSubregion'\n method in the Swing implementation which causes NullPointerException via\n unknown vectors.\n\n - Error in Java Web Start implementation which causes NullPointerException\n via a crafted '.jnlp' file.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to Integer\n Overflow vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 15.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(jdkVer)\n{\n if(version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.14\"))\n {\n report = 
report_fixed_ver(installed_version:jdkVer, vulnerable_range:\"1.6 - 1.6.0.14\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(isnull(jreVer))\n{\n jreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\n if(isnull(jreVer))\n exit(0);\n}\n\nif(jreVer)\n{\n if(version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.14\")){\n report = report_fixed_ver(installed_version:jreVer, vulnerable_range:\"1.6 - 1.6.0.14\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-11-13T12:59:46", "description": "This host is installed with Sun Java JDK/JRE and is prone to Integer\n Overflow vulnerability.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2476", "CVE-2009-2716", "CVE-2009-2690", "CVE-2009-2720", "CVE-2009-2674", "CVE-2009-2719"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:800868", "href": "http://plugins.openvas.org/nasl.php?oid=800868", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_int_overflow_vuln_aug09.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 15\n http://java.sun.com/javase/downloads/index.jsp\n or\n Apply the patch from below link,\n http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1\n http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to gain sensitive\n information, and can cause Denial of Service in the context of the affected\n system.\n Impact Level: System/Application\";\ntag_affected = \"Sun Java JDK/JRE version 6 before Update 15.\";\ntag_insight = \"- Integer overflow occurs in JRE while vectors involving an untrusted Java Web\n Start application that grants permissions to itself, related to parsing of\n JPEG images.\n - Error in the Java Management Extensions (JMX) implementation which does not\n properly enforce OpenType checks.\n - Error in encoder which grants read access to private variables with unspecified\n names via an untrusted applet or application.\n - The plugin functionality does not properly implement version selection,\n which can be exploited by 'old zip and certificate handling' via unknown\n vectors.\n - Unspecified error in the 'javax.swing.plaf.synth.SynthContext.isSubregion'\n method in the Swing implementation which causes NullPointerException via\n unknown vectors.\n - Error in Java Web Start implementation which causes NullPointerException\n via a crafted '.jnlp' file.\";\ntag_summary = \"This host is installed with Sun 
Java JDK/JRE and is prone to Integer\n Overflow vulnerability.\";\n\nif(description)\n{\n script_id(800868);\n script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2674\", \"CVE-2009-2476\", \"CVE-2009-2690\",\n \"CVE-2009-2716\", \"CVE-2009-2719\", \"CVE-2009-2720\");\n script_bugtraq_id(35942);\n script_name(\"Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36159\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36162\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36176\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36180\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/javase/6/webnotes/6u15.html\");\n script_xref(name : \"URL\" , value : \"http://www.zerodayinitiative.com/advisories/ZDI-09-050/\");\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\", \"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win_or_Linux/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : 
tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Get KB for JDK Version On Windows\njdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(jdkVer)\n{\n # Check for 1.6 < 1.6.0_15 (6 Update 15)\n if(version_in_range(version:jdkVer, test_version:\"1.6\", test_version2:\"1.6.0.14\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Get KB for JRE Version On Windows\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(isnull(jreVer))\n{\n # Get KB for JRE/JDK Version On Linux\n jreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\n if(isnull(jreVer))\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.6 < 1.6.0_15 (6 Update 15)\n if(version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.14\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-05-19T14:18:01", "description": "The Sun Java JRE /JDK 6 was updated to Update 15 fixing various security issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers 
to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier +and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.", "cvss3": {}, "published": "2009-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", 
"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_6_0-SUN-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/40525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-1161.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40525);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1161)\");\n script_summary(english:\"Check for the java-1_6_0-sun-1161 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java JRE /JDK 6 was updated to Update 15 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to discover the username\nof the account that invoked an untrusted (1) applet or (2) Java Web\nStart application via unspecified 
vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, does not prevent access to browser cookies by\nuntrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified\nvectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended\naccess restrictions and connect to arbitrary sites via unspecified\nvectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or (2)\nJava Web Start application that grants permissions to itself, related\nto decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business\nin SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create\nor modify arbitrary files via vectors involving an untrusted Java\napplet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528268\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-alsa-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-demo-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-devel-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-plugin-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-sun-src-1.6.0.u15-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:17:52", "description": "The Sun Java JRE /JDK 5 was updated to Update 20 fixing various security issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) 
applet or (2) Java Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier +and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.", "cvss3": {}, "published": "2009-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", 
"CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/40526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-1162.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40526);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)\");\n script_summary(english:\"Check for the java-1_5_0-sun-1162 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java JRE /JDK 5 was updated to Update 20 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese 
properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to discover the username\nof the account that invoked an untrusted (1) applet or (2) Java Web\nStart application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, does not prevent access to browser cookies by\nuntrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified\nvectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended\naccess restrictions and connect to arbitrary sites via unspecified\nvectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or (2)\nJava Web Start application that grants permissions to itself, related\nto decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business\nin SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create\nor modify 
arbitrary files via vectors involving an untrusted Java\napplet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528268\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") 
audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update20-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update20-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update20-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update20-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update20-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-src-1.5.0_update20-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:24", "description": "The Sun Java JRE /JDK 5 was updated to Update 20 fixing various security issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and 
JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier +and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : 
java-1_5_0-sun (java-1_5_0-sun-6396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_5_0-SUN-6396.NASL", "href": "https://www.tenable.com/plugins/nessus/42007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-6396.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42007);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6396)\");\n script_summary(english:\"Check for the java-1_5_0-sun-6396 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java JRE /JDK 5 was updated to Update 20 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System 
properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to discover the username\nof the account that invoked an untrusted (1) applet or (2) Java Web\nStart application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, does not prevent access to browser cookies by\nuntrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified\nvectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended\naccess restrictions and connect to arbitrary sites via unspecified\nvectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or (2)\nJava Web Start application that grants permissions to itself, related\nto decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and 
earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business\nin SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create\nor modify arbitrary files via vectors involving an untrusted Java\napplet.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-alsa-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-demo-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-devel-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-plugin-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_5_0-sun-src-1.5.0_update20-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:10", "description": "The Sun Java JRE /JDK 6 was updated to Update 15 fixing various security issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which 
allows context-dependent attackers to obtain sensitive information by reading these properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier +and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and 
earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6395)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_JAVA-1_6_0-SUN-6395.NASL", "href": "https://www.tenable.com/plugins/nessus/42008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-6395.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42008);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6395)\");\n script_summary(english:\"Check for the java-1_6_0-sun-6395 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"The Sun Java JRE /JDK 6 was updated to Update 15 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to discover the username\nof the account that invoked an untrusted (1) applet or (2) Java Web\nStart application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, does not prevent access to browser cookies by\nuntrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified\nvectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended\naccess restrictions and connect to arbitrary sites via unspecified\nvectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain 
privileges via vectors involving an untrusted (1) applet or (2)\nJava Web Start application that grants permissions to itself, related\nto decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business\nin SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create\nor modify arbitrary files via vectors involving an untrusted Java\napplet.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network 
Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-alsa-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-debuginfo-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-demo-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-devel-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-plugin-1.6.0.u15-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"java-1_6_0-sun-src-1.6.0.u15-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:33", "description": "The Sun Java JRE /JDK 5 was updated to Update 20 fixing various security issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, 
and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier +and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.", "cvss3": {}, "published": "2009-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_5_0-SUN-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/40524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-1162.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40524);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", 
\"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)\");\n script_summary(english:\"Check for the java-1_5_0-sun-1162 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java JRE /JDK 5 was updated to Update 20 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and (2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to discover the username\nof the account that invoked an untrusted (1) applet or (2) Java Web\nStart application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, does not prevent access to browser cookies by\nuntrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified\nvectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended\naccess restrictions and connect to arbitrary sites via unspecified\nvectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 
before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or (2)\nJava Web Start application that grants permissions to itself, related\nto decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business\nin SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create\nor modify arbitrary files via vectors involving an untrusted Java\napplet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528268\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-alsa-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-demo-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-devel-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update20-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-plugin-1.5.0_update20-0.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-src-1.5.0_update20-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:50", "description": "The Sun Java JRE /JDK 6 was updated to Update 15 fixing various security issues.\n\n - The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. (CVE-2009-2670)\n\n - The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. (CVE-2009-2671)\n\n - The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. 
(CVE-2009-2672)\n\n - The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n (CVE-2009-2673)\n\n - Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images. (CVE-2009-2674)\n\n - Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression. (CVE-2009-2675)\n\n - Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier +and JDK and JRE 5.0 Update 19 and earlier;\n and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet. 
(CVE-2009-2676)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-SUN-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/41408", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41408);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java JRE /JDK 6 was updated to Update 15 fixing various\nsecurity issues.\n\n - The audio system in Sun Java Runtime Environment (JRE)\n in JDK and JRE 6 before Update 15, and JDK and JRE 5.0\n before Update 20, does not prevent access to\n java.lang.System properties by (1) untrusted applets and\n (2) Java Web Start applications, which allows\n context-dependent attackers to obtain sensitive\n information by reading these properties. (CVE-2009-2670)\n\n - The SOCKS proxy implementation in Sun Java Runtime\n Environment (JRE) in JDK and JRE 6 before Update 15, and\n JDK and JRE 5.0 before Update 20, allows remote\n attackers to discover the username of the account that\n invoked an untrusted (1) applet or (2) Java Web Start\n application via unspecified vectors. (CVE-2009-2671)\n\n - The proxy mechanism implementation in Sun Java Runtime\n Environment (JRE) in JDK and JRE 6 before Update 15, and\n JDK and JRE 5.0 before Update 20, does not prevent\n access to browser cookies by untrusted (1) applets and\n (2) Java Web Start applications, which allows remote\n attackers to hijack web sessions via unspecified\n vectors. 
(CVE-2009-2672)\n\n - The proxy mechanism implementation in Sun Java Runtime\n Environment (JRE) in JDK and JRE 6 before Update 15, and\n JDK and JRE 5.0 before Update 20, allows remote\n attackers to bypass intended access restrictions and\n connect to arbitrary sites via unspecified vectors,\n related to a declaration that lacks the final keyword.\n (CVE-2009-2673)\n\n - Integer overflow in Sun Java Runtime Environment (JRE)\n in JDK and JRE 6 before Update 15 allows\n context-dependent attackers to gain privileges via\n vectors involving an untrusted Java Web Start\n application that grants permissions to itself, related\n to parsing of JPEG images. (CVE-2009-2674)\n\n - Integer overflow in the unpack200 utility in Sun Java\n Runtime Environment (JRE) in JDK and JRE 6 before Update\n 15, and JDK and JRE 5.0 before Update 20, allows\n context-dependent attackers to gain privileges via\n vectors involving an untrusted (1) applet or (2) Java\n Web Start application that grants permissions to itself,\n related to decompression. (CVE-2009-2675)\n\n - Unspecified vulnerability in JNLPAppletlauncher in Sun\n Java SE, and SE for Business, in JDK and JRE 6 Update 14\n and earlier +and JDK and JRE 5.0 Update 19 and earlier;\n and Java SE for Business in SDK and JRE 1.4.2_21 and\n earlier; allows remote attackers to create or modify\n arbitrary files via vectors involving an untrusted Java\n applet. 
(CVE-2009-2676)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=492912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=494536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=496489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=510016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2670.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2674.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2675.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1163.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-alsa-1.6.0.u15-0.1.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-demo-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-plugin-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-src-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-alsa-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-demo-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-plugin-1.6.0.u15-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-src-1.6.0.u15-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:17:52", "description": "The Sun Java JRE /JDK 6 was updated to Update 15 fixing various security issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, 
and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.", "cvss3": {}, "published": "2009-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security
Update : java-1_6_0-sun (java-1_6_0-sun-1161)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/40527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-1161.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40527);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1161)\");\n script_summary(english:\"Check for the java-1_6_0-sun-1161 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java JRE /JDK 6 was updated to Update 15 fixing various\nsecurity issues.\n\nCVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update\n20, does not prevent access to java.lang.System properties by (1)\nuntrusted applets and 
(2) Java Web Start applications, which allows\ncontext-dependent attackers to obtain sensitive information by reading\nthese properties.\n\nCVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to discover the username\nof the account that invoked an untrusted (1) applet or (2) Java Web\nStart application via unspecified vectors.\n\nCVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, does not prevent access to browser cookies by\nuntrusted (1) applets and (2) Java Web Start applications, which\nallows remote attackers to hijack web sessions via unspecified\nvectors.\n\nCVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime\nEnvironment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE\n5.0 before Update 20, allows remote attackers to bypass intended\naccess restrictions and connect to arbitrary sites via unspecified\nvectors, related to a declaration that lacks the final keyword.\n\nCVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE)\nin JDK and JRE 6 before Update 15 allows context-dependent attackers\nto gain privileges via vectors involving an untrusted Java Web Start\napplication that grants permissions to itself, related to parsing of\nJPEG images.\n\nCVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java\nRuntime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK\nand JRE 5.0 before Update 20, allows context-dependent attackers to\ngain privileges via vectors involving an untrusted (1) applet or (2)\nJava Web Start application that grants permissions to itself, related\nto decompression.\n\nCVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun\nJava SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier\n+and JDK and JRE 5.0 Update 19 
and earlier; and Java SE for Business\nin SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create\nor modify arbitrary files via vectors involving an untrusted Java\napplet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528268\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u15-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u15-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u15-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u15-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u15-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-src-1.6.0.u15-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:27", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 
Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR6 Java release. All running instances of IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-11-13T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1582)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2009-1582.NASL", "href": "https://www.tenable.com/plugins/nessus/42790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1582. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42790);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\");\n script_bugtraq_id(35939, 35942, 35943, 35944, 35946, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1582\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1582)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-2625, CVE-2009-2670,\nCVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,\nCVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR6 Java release. 
All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2676\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1582\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1582\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.6-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-demo-1.6.0.6-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.6-1jpp.3.el4\")) 
flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.6-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.6-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.6-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.6-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-src-1.6.0.6-1jpp.3.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.6-1jpp.3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.6-1jpp.3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:01", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. Such versions are potentially affected by the following security issues:\n\n - A vulnerability in the JRE audio system may allow system properties to be accessed. (263408)\n\n - A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409)\n\n - An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to escalate privileges. (263428)\n\n - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. (263429)\n\n - An integer overflow vulnerability with unpacking applets and Java Web start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet to escalate privileges. (263488)\n\n - An issue with parsing XML data may allow a remote client to create a denial of service condition. (263489)\n\n - Non-current versions of the 'JNLPAppletLauncher' may be re-purposed with an untrusted Java applet to write arbitrary files. (263490)\n\n - A vulnerability in the Active Template Library in various releases of Microsoft Visual Studio that is used by the Java Web Start ActiveX control can be leveraged to execute arbitrary code. 
(264648)", "cvss3": {}, "published": "2009-08-05T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_263408.NASL", "href": "https://www.tenable.com/plugins/nessus/40495", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40495);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2009-0217\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2672\",\n \"CVE-2009-2673\",\n \"CVE-2009-2674\",\n \"CVE-2009-2675\",\n \"CVE-2009-2676\"\n );\n script_bugtraq_id(\n 35922,\n 35939,\n 35942,\n 35943,\n 35944,\n 35945,\n 35946,\n 35958\n );\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a runtime environment that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 /\n1.3.1_26. Such version are potentially affected by the following\nsecurity issues :\n\n - A vulnerability in the JRE audio system may allow system\n properties to be accessed. (263408)\n\n - A privilege escalation vulnerability may exist in the\n JRE SOCKS proxy implementation. 
(263409)\n\n - An integer overflow vulnerability when parsing JPEG\n images may allow an untrusted Java Web Start application\n to escalate privileges. (263428)\n\n - A vulnerability with verifying HMAC-based XML digital\n signatures in the XML Digital Signature implementation\n may allow authentication to be bypassed. (263429)\n\n - An integer overflow vulnerability with unpacking applets\n and Java Web start applications using the 'unpack200' JAR\n unpacking utility may allow an untrusted applet to\n escalate privileges. (263488)\n\n - An issue with parsing XML data may allow a remote client\n to create a denial of service condition. (263489)\n\n - Non-current versions of the 'JNLPAppletLauncher' may be\n re-purposed with an untrusted Java applet to write\n arbitrary files. (263490)\n\n - A vulnerability in the Active Template Library in\n various releases of Microsoft Visual Studio that is used\n by the Java Web Start ActiveX control can be leveraged\n to execute arbitrary code. (264648)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020707.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020708.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020709.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020710.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020712.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020713.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020714.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020714.1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 
Update 15, JDK / JRE 5.0 Update 20,\nSDK / JRE 1.4.2_22, or SDK / JRE 1.3.1_26 or later and remove, if\nnecessary, any affected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list(\"SMB/Java/JRE/*\");\nif (isnull(installs)) exit(1, \"The 'SMB/Java/JRE/' KB item is missing.\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver =~ \"^[0-9.]+\")\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-4])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-9])([^0-9]|$)\" ||\n ver =~ 
\"^1\\.4\\.([01]_|2_([01][0-9]|2[01]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-5]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_15 / 1.5.0_20 / 1.4.2_22 / 1.3.1_26\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:10", "description": "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. Such version are potentially affected by the following security issues :\n\n - A vulnerability in the JRE audio system may allow system properties to be accessed. (263408)\n\n - A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409)\n\n - An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to elevate privileges. (263428)\n\n - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. 
(263429)\n\n - An integer overflow vulnerability with unpacking applets and Java Web start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet to elevate privileges. (263488)\n\n - An issue with parsing XML data may allow a remote client to create a denial of service condition. (263489)\n\n - Non-current versions of the 'JNLPAppletLauncher' may be re-purposed with an untrusted Java applet to write arbitrary files. (263490)", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/a:oracle:jre"], "id": "SUN_JAVA_JRE_263408_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64830);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2009-0217\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2672\",\n \"CVE-2009-2673\",\n \"CVE-2009-2674\",\n \"CVE-2009-2675\",\n \"CVE-2009-2676\"\n );\n script_bugtraq_id(\n 35922,\n 35939,\n 35942,\n 35943,\n 35944,\n 35945,\n 35946,\n 35958\n );\n\n script_name(english:\"Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) 
(Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a runtime environment that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Sun Java Runtime Environment (JRE) installed on the\nremote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 /\n1.3.1_26. Such version are potentially affected by the following\nsecurity issues :\n\n - A vulnerability in the JRE audio system may allow system\n properties to be accessed. (263408)\n\n - A privilege escalation vulnerability may exist in the\n JRE SOCKS proxy implementation. (263409)\n\n - An integer overflow vulnerability when parsing JPEG\n images may allow an untrusted Java Web Start application\n to elevate privileges. (263428)\n\n - A vulnerability with verifying HMAC-based XML digital\n signatures in the XML Digital Signature implementation\n may allow authentication to be bypassed. (263429)\n\n - An integer overflow vulnerability with unpacking applets\n and Java Web start applications using the 'unpack200' JAR\n unpacking utility may allow an untrusted applet to\n elevate privileges. (263488)\n\n - An issue with parsing XML data may allow a remote client\n to create a denial of service condition. (263489)\n\n - Non-current versions of the 'JNLPAppletLauncher' may be\n re-purposed with an untrusted Java applet to write\n arbitrary files. 
(263490)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020707.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020708.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020709.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020710.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020712.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020713.1.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://download.oracle.com/sunalerts/1020714.1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Sun Java JDK / JRE 6 Update 15, JDK / JRE 5.0 Update 20, SDK\n/ JRE 1.4.2_22, or SDK / JRE 1.3.1_26 or later and remove, if necessary,\nany affected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2675\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n installed_versions = installed_versions + \" & \" + ver;\n if (\n ver =~ \"^1\\.6\\.0_(0[0-9]|1[0-4])([^0-9]|$)\" ||\n ver =~ \"^1\\.5\\.0_(0[0-9]|1[0-9])([^0-9]|$)\" ||\n ver =~ \"^1\\.4\\.([01]_|2_([01][0-9]|2[01]([^0-9]|$)))\" ||\n ver =~ \"^1\\.3\\.(0_|1_([01][0-9]|2[0-5]([^0-9]|$)))\"\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_15 / 1.5.0_20 / 1.4.2_22 / 1.3.1_26\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n 
if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:38", "description": "The IBM Java 6 JRE/SDK was updated to Service Release 6, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - A security vulnerability in the JNLPAppletLauncher might impact users of the Sun JDK and JRE. Non-current versions of the JNLPAppletLauncher might be re-purposed with an untrusted Java applet to write arbitrary files on the system of the user downloading and running the untrusted applet. (CVE-2009-2676)\n\nThe JNLPAppletLauncher is a general purpose JNLP-based applet launcher class for deploying applets that use extension libraries containing native code.\n\n - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493)\n\n - A vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to access system properties. (CVE-2009-2670)\n\n - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. 
Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217)\n\nNote: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.\n\n - A vulnerability in the Java Runtime Environment with the SOCKS proxy implementation might allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application.\n (CVE-2009-2671 / CVE-2009-2672)\n\nA second vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to obtain browser cookies and leverage those cookies to hijack sessions.\n\n - A vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to make non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673)\n\n - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2674)\n\n - An integer overflow vulnerability in the Java Runtime Environment with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2675)\n\n - A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on. 
(CVE-2009-2625)", "cvss3": {}, "published": "2009-11-05T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2493", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_6_0-IBM-091102.NASL", "href": "https://www.tenable.com/plugins/nessus/42396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42396);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2493\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\");\n\n script_name(english:\"SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The IBM Java 6 JRE/SDK was updated to Service Release 6, fixing\nvarious bugs and security issues.\n\nThe following security issues were fixed :\n\n - A security vulnerability in the JNLPAppletLauncher might\n impact users of the Sun JDK and JRE. Non-current\n versions of the JNLPAppletLauncher might be re-purposed\n with an untrusted Java applet to write arbitrary files\n on the system of the user downloading and running the\n untrusted applet. (CVE-2009-2676)\n\nThe JNLPAppletLauncher is a general purpose JNLP-based applet launcher\nclass for deploying applets that use extension libraries containing\nnative code.\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. 
This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\n - A vulnerability in the Java Runtime Environment audio\n system might allow an untrusted applet or Java Web Start\n application to access system properties. (CVE-2009-2670)\n\n - A vulnerability with verifying HMAC-based XML digital\n signatures in the XML Digital Signature implementation\n included with the Java Runtime Environment (JRE) might\n allow authentication to be bypassed. Applications that\n validate HMAC-based XML digital signatures might be\n vulnerable to this type of attack. (CVE-2009-0217)\n\nNote: This vulnerability cannot be exploited by an untrusted applet or\nJava Web Start application.\n\n - A vulnerability in the Java Runtime Environment with the\n SOCKS proxy implementation might allow an untrusted\n applet or Java Web Start application to determine the\n username of the user running the applet or application.\n (CVE-2009-2671 / CVE-2009-2672)\n\nA second vulnerability in the Java Runtime Environment with the proxy\nmechanism implementation might allow an untrusted applet or Java Web\nStart application to obtain browser cookies and leverage those cookies\nto hijack sessions.\n\n - A vulnerability in the Java Runtime Environment with the\n proxy mechanism implementation might allow an untrusted\n applet or Java Web Start application to make\n non-authorized socket or URL connections to hosts other\n than the origin host. (CVE-2009-2673)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted Java Web Start application to escalate\n privileges. For example, an untrusted application might\n grant itself permissions to read and write local files\n or run local applications that are accessible to the\n user running the untrusted applet. 
(CVE-2009-2674)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with unpacking applets and Java Web Start\n applications using the unpack200 JAR unpacking utility\n might allow an untrusted applet or application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-2675)\n\n - A vulnerability in the Java Runtime Environment (JRE)\n with parsing XML data might allow a remote client to\n create a denial-of-service condition on the system that\n the JRE runs on. (CVE-2009-2625)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=548655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0217.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2625.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2670.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2674.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2675.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2009-2676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1497.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" 
&& \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-1.6.0_sr6-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr6-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr6-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr6-1.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr6-1.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:13", "description": "JavaSE 6: update 75 patch (equivalent to JDK 6u75).\nDate this patch was last updated by Sun : Apr/14/14", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 125136-75", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:125136", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_125136-75.NASL", "href": "https://www.tenable.com/plugins/nessus/107416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107416);\n script_version(\"1.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\");\n\n script_name(english:\"Solaris 10 (sparc) : 125136-75\");\n script_summary(english:\"Check for patch 125136-75\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125136-75\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6: update 75 patch (equivalent to JDK 6u75).\nDate this patch was last updated by Sun : Apr/14/14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125136-75\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 125136-75 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2675\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125136\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-75\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6cfg\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-75\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6dev\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-75\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6dmo\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-75\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6jmp\", version:\"1.6.0,REV=2006.12.07.19.24\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-75\", obsoleted_by:\"152919-01 152076-05 \", 
package:\"SUNWj6man\", version:\"1.6.0,REV=2006.12.07.16.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-75\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6rt\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWj6cfg / SUNWj6dev / SUNWj6dmo / SUNWj6jmp / SUNWj6man / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:14", "description": "JavaSE 6: update 71 patch (equivalent to JDK 6u71).\nDate this patch was last updated by Sun : Jan/14/14", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 125136-71", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:125136", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_125136-71.NASL", "href": "https://www.tenable.com/plugins/nessus/107415", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107415);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", 
\"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\");\n\n script_name(english:\"Solaris 10 (sparc) : 125136-71\");\n script_summary(english:\"Check for patch 125136-71\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125136-71\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6: update 71 patch (equivalent to JDK 6u71).\nDate this patch was last updated by Sun : Jan/14/14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125136-71\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 125136-71 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2675\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125136\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-71\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6cfg\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-71\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6dev\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-71\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6dmo\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-71\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6jmp\", version:\"1.6.0,REV=2006.12.07.19.24\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-71\", obsoleted_by:\"152919-01 152076-05 \", 
package:\"SUNWj6man\", version:\"1.6.0,REV=2006.12.07.16.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125136-71\", obsoleted_by:\"152919-01 152076-05 \", package:\"SUNWj6rt\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWj6cfg / SUNWj6dev / SUNWj6dmo / SUNWj6jmp / SUNWj6man / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:25", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR10 Java release. All running instances of IBM Java must be restarted for this update to take effect.\n\nNote: The packages included in this update are identical to the packages made available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of August 2009. 
These packages are being reissued as a Red Hat Security Advisory as they fixed a number of security issues that were not made public until after those errata were released. Since the packages are identical, there is no need to install this update if RHEA-2009:1208 or RHEA-2009:1210 has already been installed.", "cvss3": {}, "published": "2009-08-31T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1236.NASL", "href": "https://www.tenable.com/plugins/nessus/40814", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1236. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40814);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-3403\");\n script_bugtraq_id(35939, 35943, 35944, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1236\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1236)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-2625, CVE-2009-2670,\nCVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR10 Java release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\n\nNote: The packages included in this update are identical to the\npackages made available by RHEA-2009:1208 and RHEA-2009:1210 on the\n13th of August 2009. 
These packages are being reissued as a Red Hat\nSecurity Advisory as they fixed a number of security issues that were\nnot made public until after those errata were released. Since the\npackages are identical, there is no need to install this update if\nRHEA-2009:1208 or RHEA-2009:1210 has already been installed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1236\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1236\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4\")) 
flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
reference:\"java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:34", "description": "CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass\n\nCVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)\n\nCVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)\n\nCVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497)\n\nCVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)\n\nCVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)\n\nCVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)\n\nCVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,66600 49,6660539,6813167)\n\nCVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)\n\nCVE-2009-2690 OpenJDK private variable information disclosure (6777487)\n\nCVE-2009-2676 JRE applet launcher vulnerability\n\nAll running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", 
"CVE-2009-2676", "CVE-2009-2690"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090824_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60645);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2690\");\n\n script_name(english:\"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-0217 xmlsec1, mono, xml-security-c,\nxml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing\nand authentication bypass\n\nCVE-2009-2670 OpenJDK Untrusted applet System properties access\n(6738524)\n\nCVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks\n(6801071)\n\nCVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket\nconnections (6801497)\n\nCVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow\n(6823373)\n\nCVE-2009-2675 Java Web Start Buffer unpack200 processing integer\noverflow (6830335)\n\nCVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)\n\nCVE-2009-2475 OpenJDK information leaks in mutable 
variables\n(6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,66600\n49,6660539,6813167)\n\nCVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)\n\nCVE-2009-2690 OpenJDK private variable information disclosure\n(6777487)\n\nCVE-2009-2676 JRE applet launcher vulnerability\n\nAll running instances of Sun Java must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-errata&T=0&P=2845\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66507316\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-sun-compat and / or jdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"java-1.6.0-sun-compat-1.6.0.16-1.sl4.jpp\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"jdk-1.6.0_16-fcs\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-sun-compat-1.6.0.16-1.sl5.jpp\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jdk-1.6.0_16-fcs\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:11", "description": "This update of java-1_6_0-openjdk fixes the following issues :\n\n - CVE-2009-2670: OpenJDK Untrusted applet System properties access\n\n - CVE-2009-2671,CVE-2009-2672: OpenJDK Proxy mechanism information leaks\n\n - CVE-2009-2673: OpenJDK proxy mechanism allows non-authorized socket connections\n\n - CVE-2009-2674: Java Web Start Buffer JPEG processing integer overflow\n\n - CVE-2009-2675: Java Web Start Buffer unpack200 processing integer overflow\n\n - 
CVE-2009-2625: OpenJDK XML parsing Denial-Of-Service\n\n - CVE-2009-2475: OpenJDK information leaks in mutable variables\n\n - CVE-2009-2476: OpenJDK OpenType checks can be bypassed\n\n - CVE-2009-2689: OpenJDK JDK13Services grants unnecessary privileges\n\n - CVE-2009-2690: OpenJDK private variable information disclosure", "cvss3": {}, "published": "2009-09-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_JAVA-1_6_0-OPENJDK-090920.NASL", "href": "https://www.tenable.com/plugins/nessus/41622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-1330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41622);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n\n script_name(english:\"openSUSE Security Update : 
java-1_6_0-openjdk (java-1_6_0-openjdk-1330)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-1330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of java-1_6_0-openjdk fixes the following issues :\n\n - CVE-2009-2670: OpenJDK Untrusted applet System\n properties access\n\n - CVE-2009-2671,CVE-2009-2672: OpenJDK Proxy mechanism\n information leaks\n\n - CVE-2009-2673: OpenJDK proxy mechanism allows\n non-authorized socket connections\n\n - CVE-2009-2674: Java Web Start Buffer JPEG processing\n integer overflow\n\n - CVE-2009-2675: Java Web Start Buffer unpack200\n processing integer overflow\n\n - CVE-2009-2625: OpenJDK XML parsing Denial-Of-Service\n\n - CVE-2009-2475: OpenJDK information leaks in mutable\n variables\n\n - CVE-2009-2476: OpenJDK OpenType checks can be bypassed\n\n - CVE-2009-2689: OpenJDK JDK13Services grants unnecessary\n privileges\n\n - CVE-2009-2690: OpenJDK private variable information\n disclosure\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=537969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-openjdk-1.6_b16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-openjdk-demo-1.6_b16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-openjdk-devel-1.6_b16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-openjdk-javadoc-1.6_b16-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-openjdk-plugin-1.6_b16-0.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_6_0-openjdk-src-1.6_b16-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:22", "description": "This update of java-1_6_0-openjdk fixes the following issues :\n\n - CVE-2009-2670: OpenJDK Untrusted applet System properties access\n\n - CVE-2009-2671,CVE-2009-2672: OpenJDK Proxy mechanism information leaks\n\n - CVE-2009-2673: OpenJDK proxy mechanism allows non-authorized socket connections\n\n - CVE-2009-2674: Java Web Start Buffer JPEG processing integer overflow\n\n - CVE-2009-2675: Java Web Start Buffer unpack200 processing integer overflow\n\n - CVE-2009-2625: OpenJDK XML parsing Denial-Of-Service\n\n - CVE-2009-2475: OpenJDK information leaks in mutable variables\n\n - CVE-2009-2476: OpenJDK OpenType checks can be bypassed\n\n - CVE-2009-2689: OpenJDK JDK13Services grants unnecessary privileges\n\n - CVE-2009-2690: OpenJDK private variable information disclosure", "cvss3": {}, "published": "2009-09-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin", 
"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_JAVA-1_6_0-OPENJDK-090922.NASL", "href": "https://www.tenable.com/plugins/nessus/41623", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-openjdk-1330.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41623);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330)\");\n script_summary(english:\"Check for the java-1_6_0-openjdk-1330 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of java-1_6_0-openjdk fixes the following issues :\n\n - CVE-2009-2670: OpenJDK Untrusted applet System\n properties access\n\n - CVE-2009-2671,CVE-2009-2672: OpenJDK Proxy mechanism\n information leaks\n\n - CVE-2009-2673: OpenJDK proxy mechanism allows\n non-authorized socket connections\n\n - CVE-2009-2674: Java Web Start Buffer JPEG processing\n integer overflow\n\n - CVE-2009-2675: Java Web Start Buffer unpack200\n processing integer overflow\n\n - CVE-2009-2625: OpenJDK XML parsing Denial-Of-Service\n\n - CVE-2009-2475: OpenJDK information leaks in mutable\n variables\n\n - CVE-2009-2476: OpenJDK OpenType checks can be bypassed\n\n - CVE-2009-2689: OpenJDK JDK13Services grants unnecessary\n 
privileges\n\n - CVE-2009-2690: OpenJDK private variable information\n disclosure\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=537969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif 
(isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-1.6_b16-0.1.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-demo-1.6_b16-0.1.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-devel-1.6_b16-0.1.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-javadoc-1.6_b16-0.1.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-plugin-1.6_b16-0.1.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-openjdk-src-1.6_b16-0.1.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:02", "description": "It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation.\n(CVE-2009-0217)\n\nIt was discovered that JAR bundles would appear signed if only one element was signed. 
If a user were tricked into running a malicious Java applet, a remote attacker could exploit this to gain access to private information and potentially run untrusted code.\n(CVE-2009-1896)\n\nIt was discovered that certain variables could leak information. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this to gain access to private information and potentially run untrusted code. (CVE-2009-2475, CVE-2009-2690)\n\nA flaw was discovered in the OpenType checking. If a user were tricked into running a malicious Java applet, a remote attacker could bypass access restrictions. (CVE-2009-2476)\n\nIt was discovered that the XML processor did not correctly check recursion. If a user or automated system were tricked into processing a specially crafted XML, the system could crash, leading to a denial of service. (CVE-2009-2625)\n\nIt was discovered that the Java audio subsystem did not correctly validate certain parameters. If a user were tricked into running an untrusted applet, a remote attacker could read system properties.\n(CVE-2009-2670)\n\nMultiple flaws were discovered in the proxy subsystem. If a user were tricked into running an untrusted applet, a remote attacker could discover local user names, obtain access to sensitive information, or bypass socket restrictions, leading to a loss of privacy.\n(CVE-2009-2671, CVE-2009-2672, CVE-2009-2673)\n\nFlaws were discovered in the handling of JPEG images, Unpack200 archives, and JDK13Services. If a user were tricked into running an untrusted applet, a remote attacker could load a specially crafted file that would bypass local file access protections and run arbitrary code with user privileges. (CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-08-11T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-814-1.NASL", "href": "https://www.tenable.com/plugins/nessus/40547", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-814-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40547);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-1896\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35946, 35958);\n script_xref(name:\"USN\", value:\"814-1\");\n\n script_name(english:\"Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the XML HMAC signature system did not correctly\ncheck certain lengths. If an attacker sent a truncated HMAC, it could\nbypass authentication, leading to potential privilege escalation.\n(CVE-2009-0217)\n\nIt was discovered that JAR bundles would appear signed if only one\nelement was signed. If a user were tricked into running a malicious\nJava applet, a remote attacker could exploit this to gain access to\nprivate information and potentially run untrusted code.\n(CVE-2009-1896)\n\nIt was discovered that certain variables could leak information. If a\nuser were tricked into running a malicious Java applet, a remote\nattacker could exploit this to gain access to private information and\npotentially run untrusted code. (CVE-2009-2475, CVE-2009-2690)\n\nA flaw was discovered the OpenType checking. 
If a user were tricked\ninto running a malicious Java applet, a remote attacker could bypass\naccess restrictions. (CVE-2009-2476)\n\nIt was discovered that the XML processor did not correctly check\nrecursion. If a user or automated system were tricked into processing\na specially crafted XML, the system could crash, leading to a denial\nof service. (CVE-2009-2625)\n\nIt was discovered that the Java audio subsystem did not correctly\nvalidate certain parameters. If a user were tricked into running an\nuntrusted applet, a remote attacker could read system properties.\n(CVE-2009-2670)\n\nMultiple flaws were discovered in the proxy subsystem. If a user were\ntricked into running an untrusted applet, a remote attacker could\ndiscover local user names, obtain access to sensitive information, or\nbypass socket restrictions, leading to a loss of privacy.\n(CVE-2009-2671, CVE-2009-2672, CVE-2009-2673)\n\nFlaws were discovered in the handling of JPEG images, Unpack200\narchives, and JDK13Services. If a user were tricked into running an\nuntrusted applet, a remote attacker could load a specially crafted\nfile that would bypass local file access protections and run arbitrary\ncode with user privileges. (CVE-2009-2674, CVE-2009-2675,\nCVE-2009-2676, CVE-2009-2689).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/814-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"icedtea6-plugin\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-demo\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-doc\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openjdk-6-source-files\", pkgver:\"6b12-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"icedtea6-plugin\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-dbg\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-demo\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-doc\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-jdk\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-jre\", 
pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-source\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openjdk-6-source-files\", pkgver:\"6b14-1.4.1-0ubuntu11\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea6-plugin / openjdk-6-dbg / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:14", "description": "CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass\n\nCVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)\n\nCVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)\n\nCVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497)\n\nCVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)\n\nCVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)\n\nCVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)\n\nCVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,66600 49,6660539,6813167)\n\nCVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)\n\nCVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448)\n\nCVE-2009-2690 OpenJDK private variable 
information disclosure (6777487)\n\nA flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. 
(CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475,\n\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,\n\nCVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090806_JAVA_1_6_0_OPENJDK_ON_SL5_3.NASL", "href": "https://www.tenable.com/plugins/nessus/60633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60633);\n 
script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-0217 xmlsec1, mono, xml-security-c,\nxml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing\nand authentication bypass\n\nCVE-2009-2670 OpenJDK Untrusted applet System properties access\n(6738524)\n\nCVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks\n(6801071)\n\nCVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket\nconnections (6801497)\n\nCVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow\n(6823373)\n\nCVE-2009-2675 Java Web Start Buffer unpack200 processing integer\noverflow (6830335)\n\nCVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)\n\nCVE-2009-2475 OpenJDK information leaks in mutable variables\n(6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,66600\n49,6660539,6813167)\n\nCVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)\n\nCVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges\n(6777448)\n\nCVE-2009-2690 OpenJDK private variable information disclosure\n(6777487)\n\nA flaw was found in the way the XML Digital Signature implementation\nin the JRE handled HMAC-based XML signatures. 
An attacker could use\nthis flaw to create a crafted signature that could allow them to\nbypass authentication, or trick a user, applet, or application into\naccepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable\nstatic variables. These could be exploited in application scenarios\nthat execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could\nallow a rogue application to bypass access restrictions by acquiring\nreferences to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A\nremote attacker could use this flaw to supply crafted XML that would\nlead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or\napplication could use this flaw to gain read access to restricted\nSystem properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted\napplet or application could use these flaws to discover the usernames\nof users running applets and applications, or obtain web browser\ncookies and use them for session hijacking attacks. (CVE-2009-2671,\nCVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access\nrestrictions and communicate using non-authorized socket or URL\nconnections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG\nimages. An untrusted application could use this flaw to extend its\nprivileges, allowing it to read and write local files, as well as to\nexecute local applications with the privileges of the user running the\napplication. 
(CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet or\napplication. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to\ncertain object types. This could be misused by an untrusted applet or\napplication to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java\nvariables were handled. An untrusted applet or application could use\nthis flaw to obtain information from variables that would otherwise be\nprivate. (CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475,\n\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,\n\nCVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered\nin java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-errata&T=0&P=2708\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a886728\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.2.b09.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:43:42", "description": "Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 
5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. 
(CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nThis update also fixes the following bug :\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL repository to take precedence (appear newer). Users using java-1.6.0-openjdk from EPEL would not have received security updates since October 2008. This update prevents the packages from EPEL from taking precedence. (BZ#499079)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-3403"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/43774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1201 and \n# CentOS Errata and Security Advisory 2009:1201 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43774);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-3403\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1201\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nand a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation\nin the JRE handled HMAC-based XML signatures. An attacker could use\nthis flaw to create a crafted signature that could allow them to\nbypass authentication, or trick a user, applet, or application into\naccepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable\nstatic variables. These could be exploited in application scenarios\nthat execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could\nallow a rogue application to bypass access restrictions by acquiring\nreferences to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A\nremote attacker could use this flaw to supply crafted XML that would\nlead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or\napplication could use this flaw to gain read access to restricted\nSystem properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. 
An untrusted\napplet or application could use these flaws to discover the usernames\nof users running applets and applications, or obtain web browser\ncookies and use them for session hijacking attacks. (CVE-2009-2671,\nCVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access\nrestrictions and communicate using non-authorized socket or URL\nconnections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG\nimages. An untrusted application could use this flaw to extend its\nprivileges, allowing it to read and write local files, as well as to\nexecute local applications with the privileges of the user running the\napplication. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet or\napplication. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to\ncertain object types. This could be misused by an untrusted applet or\napplication to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java\nvariables were handled. An untrusted applet or application could use\nthis flaw to obtain information from variables that would otherwise be\nprivate. 
(CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,\nCVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered\nin java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nThis update also fixes the following bug :\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat\nEnterprise Linux allowed the java-1.6.0-openjdk package from the EPEL\nrepository to take precedence (appear newer). Users using\njava-1.6.0-openjdk from EPEL would not have received security updates\nsince October 2008. This update prevents the packages from EPEL from\ntaking precedence. (BZ#499079)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016064.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a9630eb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016065.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?061fbbe3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.2.b09.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.2.b09.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:01", "description": "Urgent security fixes have been included.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-08-10T00:00:00", "type": "nessus", "title": "Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-8337.NASL", "href": "https://www.tenable.com/plugins/nessus/40515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8337.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40515);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-1896\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35958);\n script_xref(name:\"FEDORA\", value:\"2009-8337\");\n\n script_name(english:\"Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Urgent security fixes have been included.\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513223\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/027595.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6ccb7a9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"java-1.6.0-openjdk-1.6.0.0-20.b16.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:01", "description": "Urgent security updates have been included\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-08-07T00:00:00", "type": "nessus", "title": "Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8329.NASL", "href": "https://www.tenable.com/plugins/nessus/40507", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8329.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40507);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-1896\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35958);\n script_xref(name:\"FEDORA\", value:\"2009-8329\");\n\n script_name(english:\"Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Urgent security updates have been included\n\nNote that Tenable Network 
Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513223\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/027580.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6bcd6c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"java-1.6.0-openjdk-1.6.0.0-27.b16.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:01", "description": "Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. 
This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java variables were handled. 
An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nThis update also fixes the following bug :\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL repository to take precedence (appear newer). Users using java-1.6.0-openjdk from EPEL would not have received security updates since October 2008. This update prevents the packages from EPEL from taking precedence. (BZ#499079)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-07T00:00:00", "type": "nessus", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/40510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1201. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40510);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-3403\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1201\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nand a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation\nin the JRE handled HMAC-based XML signatures. An attacker could use\nthis flaw to create a crafted signature that could allow them to\nbypass authentication, or trick a user, applet, or application into\naccepting untrusted content. 
(CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable\nstatic variables. These could be exploited in application scenarios\nthat execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could\nallow a rogue application to bypass access restrictions by acquiring\nreferences to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A\nremote attacker could use this flaw to supply crafted XML that would\nlead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or\napplication could use this flaw to gain read access to restricted\nSystem properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted\napplet or application could use these flaws to discover the usernames\nof users running applets and applications, or obtain web browser\ncookies and use them for session hijacking attacks. (CVE-2009-2671,\nCVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access\nrestrictions and communicate using non-authorized socket or URL\nconnections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG\nimages. An untrusted application could use this flaw to extend its\nprivileges, allowing it to read and write local files, as well as to\nexecute local applications with the privileges of the user running the\napplication. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet or\napplication. 
(CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to\ncertain object types. This could be misused by an untrusted applet or\napplication to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java\nvariables were handled. An untrusted applet or application could use\nthis flaw to obtain information from variables that would otherwise be\nprivate. (CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,\nCVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered\nin java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nThis update also fixes the following bug :\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat\nEnterprise Linux allowed the java-1.6.0-openjdk package from the EPEL\nrepository to take precedence (appear newer). Users using\njava-1.6.0-openjdk from EPEL would not have received security updates\nsince October 2008. This update prevents the packages from EPEL from\ntaking precedence. (BZ#499079)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2690\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d520449c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1201\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1201\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.2.b09.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.2.b09.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:25:45", "description": "From Red Hat Security Advisory 2009:1201 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. 
The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG images. 
An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nThis update also fixes the following bug :\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL repository to take precedence (appear newer). Users using java-1.6.0-openjdk from EPEL would not have received security updates since October 2008. This update prevents the packages from EPEL from taking precedence. (BZ#499079)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/67905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1201 and \n# Oracle Linux Security Advisory ELSA-2009-1201 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67905);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-3403\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1201\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", 
\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1201 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nand a bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications\nwritten using the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation\nin the JRE handled HMAC-based XML signatures. An attacker could use\nthis flaw to create a crafted signature that could allow them to\nbypass authentication, or trick a user, applet, or application into\naccepting untrusted content. (CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable\nstatic variables. These could be exploited in application scenarios\nthat execute untrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could\nallow a rogue application to bypass access restrictions by acquiring\nreferences to privileged objects through finalizer resurrection.\n(CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A\nremote attacker could use this flaw to supply crafted XML that would\nlead to a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or\napplication could use this flaw to gain read access to restricted\nSystem properties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. 
An untrusted\napplet or application could use these flaws to discover the usernames\nof users running applets and applications, or obtain web browser\ncookies and use them for session hijacking attacks. (CVE-2009-2671,\nCVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation.\nThis flaw allowed an untrusted applet or application to bypass access\nrestrictions and communicate using non-authorized socket or URL\nconnections to hosts other than the origin host. (CVE-2009-2673)\n\nAn integer overflow flaw was found in the way the JRE processes JPEG\nimages. An untrusted application could use this flaw to extend its\nprivileges, allowing it to read and write local files, as well as to\nexecute local applications with the privileges of the user running the\napplication. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality.\nAn untrusted applet or application could extend its privileges,\nallowing it to read and write local files, as well as to execute local\napplications with the privileges of the user running the applet or\napplication. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to\ncertain object types. This could be misused by an untrusted applet or\napplication to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java\nvariables were handled. An untrusted applet or application could use\nthis flaw to obtain information from variables that would otherwise be\nprivate. 
(CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,\nCVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered\nin java-1.6.0-openjdk by calling the 'appletviewer' application.\n\nThis update also fixes the following bug :\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat\nEnterprise Linux allowed the java-1.6.0-openjdk package from the EPEL\nrepository to take precedence (appear newer). Users using\njava-1.6.0-openjdk from EPEL would not have received security updates\nsince October 2008. This update prevents the packages from EPEL from\ntaking precedence. (BZ#499079)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001104.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.2.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.2.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.2.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.2.b09.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.2.b09.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:38", "description": "Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. 
These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2690", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1200.NASL", "href": "https://www.tenable.com/plugins/nessus/40749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1200. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40749);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2690\", \"CVE-2009-2716\", \"CVE-2009-2718\", \"CVE-2009-2719\", \"CVE-2009-2720\", \"CVE-2009-3403\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35946, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1200\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment\nand the Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. 
(CVE-2009-0217, CVE-2009-2475, CVE-2009-2476,\nCVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672,\nCVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676,\nCVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages,\nwhich correct these issues. All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2009-2718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2720\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d520449c\"\n );\n # http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55232d04\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1200\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1200\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", 
reference:\"java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.15-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.15-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"java-1.6.0-sun / java-1.6.0-sun-demo / java-1.6.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:17", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. 
All running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2475", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2689", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-3403"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1199.NASL", "href": "https://www.tenable.com/plugins/nessus/40748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1199. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40748);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2475\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2689\", \"CVE-2009-2720\", \"CVE-2009-2721\", \"CVE-2009-2722\", \"CVE-2009-2723\", \"CVE-2009-2724\", \"CVE-2009-3403\");\n script_bugtraq_id(35671, 35922, 35939, 35942, 35943, 35944, 35946, 35958);\n script_xref(name:\"RHSA\", value:\"2009:1199\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment\nand the Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the 'Advance notification of\nSecurity Updates for Java SE' page from Sun Microsystems, listed in\nthe References section. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670,\nCVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,\nCVE-2009-2676, CVE-2009-2689)\n\nUsers of java-1.5.0-sun should upgrade to these updated packages,\nwhich correct these issues. 
All running instances of Sun Java must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2724\"\n );\n # http://blogs.sun.com/security/entry/advance_notification_of_security_updates5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d520449c\"\n );\n # 
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28585f6c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1199\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1199\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", 
reference:\"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i586\", reference:\"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:16", "description": "The remote Mac OS X host is running a version of Java for Mac OS X 10.5 
that is missing Update 5.\n\nThe remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.", "cvss3": {}, "published": "2009-09-03T00:00:00", "type": "nessus", "title": "Mac OS X : Java for Mac OS X 10.5 Update 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2205", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2722", "CVE-2009-2723"], "modified": "2023-05-01T00:00:00", "cpe": [], "id": "MACOSX_JAVA_10_5_UPDATE5.NASL", "href": "https://www.tenable.com/plugins/nessus/40873", "sourceData": "#TRUSTED 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\n#TRUST-RSA-SHA256 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40873);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/01\");\n\n script_cve_id(\n \"CVE-2009-0217\",\n \"CVE-2009-2205\",\n \"CVE-2009-2475\",\n \"CVE-2009-2476\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2672\",\n \"CVE-2009-2673\",\n \"CVE-2009-2674\",\n \"CVE-2009-2675\",\n \"CVE-2009-2689\",\n \"CVE-2009-2690\",\n \"CVE-2009-2722\",\n \"CVE-2009-2723\"\n );\n script_bugtraq_id(35671, 35939, 35942, 35943, 35958);\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.5 Update 5\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac 
OS X host is running a version of Java for Mac OS X\n10.5 that is missing Update 5.\n\nThe remote version of this software contains several security\nvulnerabilities, including some that may allow untrusted Java applets\nto obtain elevated privileges and lead to execution of arbitrary code\nwith the privileges of the current user.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.apple.com/kb/HT3851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/advisories/17819\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Java for Mac OS X 10.5 Update 5 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2723\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n 
get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread_wrapper(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n if (buf !~ \"^[0-9]\") exit(1, \"Failed to get the version - '\"+buf+\"'.\");\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\n\n# Mac OS X 10.5 only.\nif (!egrep(pattern:\"Darwin.* 9\\.\", string:uname)) exit(0, \"The remote Mac is not affected.\");\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd = string(\n \"cat \", plist, \" | \",\n \"grep -A 1 CFBundleVersion | \",\n \"tail -n 1 | \",\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\''\n);\nversion = exec(cmd:cmd);\nif (!strlen(version)) exit(1, \"Can't get version info from '\"+plist+\"'.\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Fixed in version 12.4.1.\nif (\n ver[0] < 12 ||\n (\n ver[0] == 12 &&\n (\n ver[1] < 4 ||\n (ver[1] == 4 && ver[2] < 1)\n )\n )\n)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet')\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.4.1\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The remote host is not affected since JavaVM Framework version \"+version+\" is installed.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:23", "description": "Multiple Java OpenJDK security vulnerabilities 
has been identified and fixed :\n\nThe design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits (CVE-2009-0217).\n\nThe Java Web Start framework does not properly check all application jar files trust and this allows context-dependent attackers to execute arbitrary code via a crafted application, related to NetX (CVE-2009-1896).\n\nSome variables and data structures without the final keyword definition allows context-depend attackers to obtain sensitive information. The target variables and data structures are stated as follow: (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475).\n\nThe Java Management Extensions (JMX) implementation does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object (CVE-2009-2476).\n\nA flaw in the Xerces2 as used in OpenJDK allows remote attackers to cause denial of service via a malformed XML input (CVE-2009-2625).\n\nThe audio system does not prevent access to java.lang.System properties either by untrusted applets and Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties (CVE-2009-2670).\n\nA flaw in the SOCKS proxy implementation allows remote attackers to discover the user name of the 
account that invoked either an untrusted applet or Java Web Start application via unspecified vectors (CVE-2009-2671).\n\nA flaw in the proxy mechanism implementation allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword (CVE-2009-2673).\n\nAn integer overflow in the JPEG images parsing allows context-dependent attackers to gain privileges via an untrusted Java Web Start application that grants permissions to itself (CVE-2009-2674).\n\nAn integer overflow in the unpack200 utility decompression allows context-dependent attackers to gain privileges via vectors involving either an untrusted applet or Java Web Start application that grants permissions to itself (CVE-2009-2675).\n\nA flaw in the JDK13Services.getProviders grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions either via an untrusted applet or application (CVE-2009-2689).\n\nA flaw in the OpenJDK's encoder, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information either via an untrusted applet or application (CVE-2009-2690).", "cvss3": {}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-1896", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2689", "CVE-2009-2690"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:java-1.6.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin", 
"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-209.NASL", "href": "https://www.tenable.com/plugins/nessus/40694", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:209. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40694);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-0217\",\n \"CVE-2009-1896\",\n \"CVE-2009-2475\",\n \"CVE-2009-2476\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2673\",\n \"CVE-2009-2674\",\n \"CVE-2009-2675\",\n \"CVE-2009-2689\",\n \"CVE-2009-2690\"\n );\n script_bugtraq_id(\n 35671,\n 35922,\n 35939,\n 35942,\n 35943,\n 35944,\n 35958\n );\n script_xref(name:\"MDVSA\", value:\"2009:209\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple Java OpenJDK security vulnerabilities has been identified and\nfixed :\n\nThe design of the W3C XML Signature Syntax and Processing (XMLDsig)\nrecommendation specifies an HMAC truncation length (HMACOutputLength)\nbut does not require a minimum for its length, which allows attackers\nto spoof HMAC-based signatures and bypass authentication by specifying\na truncation length with a small number of bits (CVE-2009-0217).\n\nThe Java Web Start framework 
does not properly check all application\njar files trust and this allows context-dependent attackers to execute\narbitrary code via a crafted application, related to NetX\n(CVE-2009-1896).\n\nSome variables and data structures without the final keyword\ndefinition allows context-depend attackers to obtain sensitive\ninformation. The target variables and data structures are stated as\nfollow: (1) LayoutQueue, (2) Cursor.predefined, (3)\nAccessibleResourceBundle.getContents, (4)\nImageReaderSpi.STANDARD_INPUT_TYPE, (5)\nImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)\nDnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9)\nAbstractSaslImpl.logger, (10)\nSynth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector\nclass and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475).\n\nThe Java Management Extensions (JMX) implementation does not properly\nenforce OpenType checks, which allows context-dependent attackers to\nbypass intended access restrictions by leveraging finalizer\nresurrection to obtain a reference to a privileged object\n(CVE-2009-2476).\n\nA flaw in the Xerces2 as used in OpenJDK allows remote attackers to\ncause denial of service via a malformed XML input (CVE-2009-2625).\n\nThe audio system does not prevent access to java.lang.System\nproperties either by untrusted applets and Java Web Start\napplications, which allows context-dependent attackers to obtain\nsensitive information by reading these properties (CVE-2009-2670).\n\nA flaw in the SOCKS proxy implementation allows remote attackers to\ndiscover the user name of the account that invoked either an untrusted\napplet or Java Web Start application via unspecified vectors\n(CVE-2009-2671).\n\nA flaw in the proxy mechanism implementation allows remote attackers\nto bypass intended access restrictions and connect to arbitrary sites\nvia unspecified vectors, related to a declaration that lacks the final\nkeyword (CVE-2009-2673).\n\nAn integer overflow in the 
JPEG images parsing allows\ncontext-dependent attackers to gain privileges via an untrusted Java\nWeb Start application that grants permissions to itself\n(CVE-2009-2674).\n\nAn integer overflow in the unpack200 utility decompression allows\ncontext-dependent attackers to gain privileges via vectors involving\neither an untrusted applet or Java Web Start application that grants\npermissions to itself (CVE-2009-2675).\n\nA flaw in the JDK13Services.getProviders grants full privileges to\ninstances of unspecified object types, which allows context-dependent\nattackers to bypass intended access restrictions either via an\nuntrusted applet or application (CVE-2009-2689).\n\nA flaw in the OpenJDK's encoder, grants read access to private\nvariables with unspecified names, which allows context-dependent\nattackers to obtain sensitive information either via an untrusted\napplet or application (CVE-2009-2690).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.3mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:08", "description": "JavaSE 6: update 101 patch (equivalent to.\nDate this patch was last updated by Sun : Jul/13/15", "cvss3": {}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 8 (sparc) : 125136-97", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_125136.NASL", 
"href": "https://www.tenable.com/plugins/nessus/27008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27008);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 8 (sparc) : 125136-97\");\n script_summary(english:\"Check for patch 125136-97\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 125136-97\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6: update 101 patch (equivalent to.\nDate this patch was last updated by Sun : Jul/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125136-97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6rt\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6jmp\", version:\"1.6.0,REV=2006.12.07.19.24\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6man\", version:\"1.6.0,REV=2006.12.07.16.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6cfg\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6dmo\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6dev\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:54", "description": "JavaSE 6: update 101 patch (equivalent to.\nDate this patch was last updated by Sun : 
Jul/13/15\n\nThis plugin has been deprecated and either replaced with individual 125136 patch-revision plugins, or deemed non-security related.", "cvss3": {}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 125136-97 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_125136.NASL", "href": "https://www.tenable.com/plugins/nessus/26984", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26984);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 10 (sparc) : 125136-97 (deprecated)\");\n script_summary(english:\"Check for patch 125136-97\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n 
attribute:\"description\",\n value:\n\"JavaSE 6: update 101 patch (equivalent to.\nDate this patch was last updated by Sun : Jul/13/15\n\nThis plugin has been deprecated and either replaced with individual\n125136 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125136-97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. 
Consult specific patch-revision plugins for patch 125136 instead.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:51", "description": "JavaSE 6: update 101 patch (equivalent to.\nDate this patch was last updated by Sun : Jul/13/15", "cvss3": {}, "published": "2007-10-12T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 125136-97", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_125136.NASL", "href": "https://www.tenable.com/plugins/nessus/27020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27020);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\", \"CVE-2014-0429\", \"CVE-2014-0446\", \"CVE-2014-0451\", \"CVE-2014-0453\", \"CVE-2014-0457\", \"CVE-2014-0460\", \"CVE-2014-2398\", \"CVE-2014-2401\", \"CVE-2014-2412\", \"CVE-2014-2421\", \"CVE-2014-2427\");\n\n script_name(english:\"Solaris 9 (sparc) : 125136-97\");\n script_summary(english:\"Check for patch 125136-97\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 
125136-97\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"JavaSE 6: update 101 patch (equivalent to.\nDate this patch was last updated by Sun : Jul/13/15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/125136-97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6rt\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6jmp\", version:\"1.6.0,REV=2006.12.07.19.24\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6man\", version:\"1.6.0,REV=2006.12.07.16.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", 
arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6cfg\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6dmo\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"125136-97\", obsoleted_by:\"152076-05 \", package:\"SUNWj6dev\", version:\"1.6.0,REV=2006.11.29.05.57\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:44:13", "description": "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThis update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. 
In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nUsers of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues.\nFor this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0217", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2010-0079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", 
"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0043.NASL", "href": "https://www.tenable.com/plugins/nessus/44029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0043. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44029);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-3403\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2010-0079\");\n script_bugtraq_id(34240, 35671, 35939, 35942, 35943, 35944, 35946, 35958, 36881);\n script_xref(name:\"RHSA\", value:\"2010:0043\");\n\n script_name(english:\"RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security 
issues are\nnow available for Red Hat Network Satellite Server 5.3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite\nServer 5.3. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\nCVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104,\nCVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673,\nCVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865,\nCVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874,\nCVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nUsers of Red Hat Network Satellite Server 5.3 are advised to upgrade\nto these updated java-1.6.0-ibm packages, which resolve these issues.\nFor this update to take effect, Red Hat Network Satellite Server must\nbe restarted ('/usr/sbin/rhn-satellite restart'), as well as all\nrunning instances of IBM Java.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0043\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 94, 119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0043\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL4\", rpm:\"spacewalk-admin-\") || rpm_exists(release:\"RHEL5\", rpm:\"spacewalk-admin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-1.6.0.7-1jpp.3.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.6.0-ibm-devel-1.6.0.7-1jpp.3.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-1.6.0.7-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.7-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.7-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-devel-1.6.0.7-1jpp.2.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:56", "description": "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThis update corrects several security vulnerabilities in the Sun Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1. 
In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the Sun Java 5 Runtime Environment.\n(CVE-2006-2426, CVE-2008-2086, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107, CVE-2009-2409, CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884)\n\nNote: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Satellite 5.1 channels on the Red Hat Network.\n\nFor a long term solution, Red Hat advises users to switch from Sun Java SE 5.0 to the Java 2 Technology Edition of the IBM Developer Kit for Linux. 
Refer to the Solution section for instructions.\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to these updated java-1.5.0-sun packages, which resolve these issues.\nAll running instances of Sun Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2011-04-23T00:00:00", "type": "nessus", "title": "RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2426", "CVE-2008-2086", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107", "CVE-2009-2409", "CVE-2009-2475", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2689", "CVE-2009-3403", "CVE-2009-3728", "CVE-2009-3873", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2010-0079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2009-1662.NASL", "href": "https://www.tenable.com/plugins/nessus/53539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1662. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53539);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2426\", \"CVE-2008-2086\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1107\", \"CVE-2009-2409\", \"CVE-2009-2475\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2689\", \"CVE-2009-3403\", \"CVE-2009-3728\", \"CVE-2009-3873\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2009-3879\", \"CVE-2009-3880\", \"CVE-2009-3881\", \"CVE-2009-3882\", \"CVE-2009-3883\", \"CVE-2009-3884\", \"CVE-2010-0079\");\n script_bugtraq_id(32620, 34240, 35922, 35939, 35943, 35944, 35946, 35958, 36881);\n script_xref(name:\"RHSA\", value:\"2009:1662\");\n\n script_name(english:\"RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-sun packages that correct several security issues\nare now available for Red Hat Network Satellite Server 5.1.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThis update corrects several security vulnerabilities in the Sun Java\nRuntime Environment shipped as part of Red Hat Network Satellite\nServer 5.1. 
In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the Sun Java 5 Runtime Environment.\n(CVE-2006-2426, CVE-2008-2086, CVE-2009-1093, CVE-2009-1094,\nCVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099,\nCVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107,\nCVE-2009-2409, CVE-2009-2475, CVE-2009-2625, CVE-2009-2670,\nCVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,\nCVE-2009-2676, CVE-2009-2689, CVE-2009-3728, CVE-2009-3873,\nCVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880,\nCVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884)\n\nNote: This is the final update for the java-1.5.0-sun packages, as the\nSun Java SE Release family 5.0 has now reached End of Service Life. An\nalternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the\nIBM Developer Kit for Linux, which is available from the Satellite 5.1\nchannels on the Red Hat Network.\n\nFor a long term solution, Red Hat advises users to switch from Sun\nJava SE 5.0 to the Java 2 Technology Edition of the IBM Developer Kit\nfor Linux. 
Refer to the Solution section for instructions.\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade\nto these updated java-1.5.0-sun packages, which resolve these issues.\nAll running instances of Sun Java must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2475\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2009-3883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1662\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.5.0-sun and / or java-1.5.0-sun-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(16, 22, 94, 119, 189, 200, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1662\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL4\", rpm:\"spacewalk-admin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-1.5.0.22-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-1.5.0.22-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i586\", reference:\"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-sun / java-1.5.0-sun-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:31", "description": "The remote VMware ESX host is missing a security-related patch. 
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).", "cvss3": {}, "published": "2016-03-08T00:00:00", "type": "nessus", "title": "VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3864", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3885", "CVE-2009-3886"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx"], "id": "VMWARE_VMSA-2010-0002_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89736);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-1093\",\n \"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n 
\"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2672\",\n \"CVE-2009-2673\",\n \"CVE-2009-2675\",\n \"CVE-2009-2676\",\n \"CVE-2009-2716\",\n \"CVE-2009-2718\",\n \"CVE-2009-2719\",\n \"CVE-2009-2720\",\n \"CVE-2009-2721\",\n \"CVE-2009-2722\",\n \"CVE-2009-2723\",\n \"CVE-2009-2724\",\n \"CVE-2009-3728\",\n \"CVE-2009-3729\",\n \"CVE-2009-3864\",\n \"CVE-2009-3865\",\n \"CVE-2009-3866\",\n \"CVE-2009-3867\",\n \"CVE-2009-3868\",\n \"CVE-2009-3869\",\n \"CVE-2009-3871\",\n \"CVE-2009-3872\",\n \"CVE-2009-3873\",\n \"CVE-2009-3874\",\n \"CVE-2009-3875\",\n \"CVE-2009-3876\",\n \"CVE-2009-3877\",\n \"CVE-2009-3879\",\n \"CVE-2009-3880\",\n \"CVE-2009-3881\",\n \"CVE-2009-3882\",\n \"CVE-2009-3883\",\n \"CVE-2009-3884\",\n \"CVE-2009-3885\",\n \"CVE-2009-3886\"\n );\n script_bugtraq_id(\n 34240,\n 35922,\n 35939,\n 35943,\n 35944,\n 35946,\n 35958,\n 36881\n );\n script_xref(name:\"VMSA\", value:\"2010-0002\");\n\n script_name(english:\"VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. 
It is,\ntherefore, affected by multiple vulnerabilities, including remote code\nexecution vulnerabilities, in the bundled version of the Java Runtime\nEnvironment (JRE).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2010-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2010/000097.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 94, 119, 189, 200, 264, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"3.5\", \"227413\",\n \"4.0\", \"256968\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:45:54", "description": "a. 
Java JRE Security Update\n\n JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.", "cvss3": {}, "published": "2010-03-31T00:00:00", "type": "nessus", "title": "VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", 
"CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3864", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3885", "CVE-2009-3886"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2010-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/45386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2010-0002. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45386);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2716\", \"CVE-2009-2718\", \"CVE-2009-2719\", \"CVE-2009-2720\", \"CVE-2009-2721\", \"CVE-2009-2722\", \"CVE-2009-2723\", \"CVE-2009-2724\", \"CVE-2009-3728\", \"CVE-2009-3729\", \"CVE-2009-3864\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", 
\"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2009-3879\", \"CVE-2009-3880\", \"CVE-2009-3881\", \"CVE-2009-3882\", \"CVE-2009-3883\", \"CVE-2009-3884\", \"CVE-2009-3885\", \"CVE-2009-3886\");\n script_bugtraq_id(34240, 35922, 35939, 35943, 35944, 35946, 35958, 36881);\n script_xref(name:\"VMSA\", value:\"2010-0002\");\n\n script_name(english:\"VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Java JRE Security Update\n\n JRE update to version 1.5.0_22, which addresses multiple security\n issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864,\n CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,\n CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\n 
CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,\n CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,\n CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000097.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 94, 119, 189, 200, 264, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2010-01-29\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-201003403-SG\",\n patch_updates : make_list(\"ESX350-201203401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201005402-SG\",\n patch_updates : make_list(\"ESX400-201103403-SG\", \"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:01", "description": "The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. 
Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and ports via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE.\n NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2009-11-18T00:00:00", "type": "nessus", "title": "GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2086", "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3107", "CVE-2008-3108", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114", "CVE-2008-3115", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-2409", "CVE-2009-2475", "CVE-2009-2476", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", 
"CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2689", "CVE-2009-2690", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:blackdown-jdk", "p-cpe:/a:gentoo:linux:blackdown-jre", "p-cpe:/a:gentoo:linux:emul-linux-x86-java", "p-cpe:/a:gentoo:linux:sun-jdk", "p-cpe:/a:gentoo:linux:sun-jre-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200911-02.NASL", "href": "https://www.tenable.com/plugins/nessus/42834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200911-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42834);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2086\", \"CVE-2008-3103\", \"CVE-2008-3104\", \"CVE-2008-3105\", \"CVE-2008-3106\", \"CVE-2008-3107\", \"CVE-2008-3108\", \"CVE-2008-3109\", \"CVE-2008-3110\", \"CVE-2008-3111\", \"CVE-2008-3112\", \"CVE-2008-3113\", \"CVE-2008-3114\", \"CVE-2008-3115\", \"CVE-2008-5339\", \"CVE-2008-5340\", \"CVE-2008-5341\", \"CVE-2008-5342\", \"CVE-2008-5343\", \"CVE-2008-5344\", \"CVE-2008-5345\", \"CVE-2008-5346\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5355\", \"CVE-2008-5356\", \"CVE-2008-5357\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", \"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-2409\", \"CVE-2009-2475\", \"CVE-2009-2476\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2674\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2689\", \"CVE-2009-2690\", \"CVE-2009-2716\", \"CVE-2009-2718\", \"CVE-2009-2719\", \"CVE-2009-2720\", \"CVE-2009-2721\", \"CVE-2009-2722\", \"CVE-2009-2723\", \"CVE-2009-2724\", \"CVE-2009-3728\", \"CVE-2009-3729\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2009-3879\", \"CVE-2009-3880\", \"CVE-2009-3881\", \"CVE-2009-3882\", 
\"CVE-2009-3883\", \"CVE-2009-3884\", \"CVE-2009-3886\");\n script_bugtraq_id(30140, 30141, 30142, 30143, 30146, 30147, 30148, 32608, 32620, 32892, 34240, 35922, 35939, 35942, 35943, 35944, 35946, 36881);\n script_xref(name:\"GLSA\", value:\"200911-02\");\n\n script_name(english:\"GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200911-02\n(Sun JDK/JRE: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in the Sun Java\n implementation. Please review the CVE identifiers referenced below and\n the associated Sun Alerts for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted JAR\n archive, applet, or Java Web Start application, possibly resulting in\n the execution of arbitrary code with the privileges of the user running\n the application. 
Furthermore, a remote attacker could cause a Denial of\n Service affecting multiple services via several vectors, disclose\n information and memory contents, write or execute local files, conduct\n session hijacking attacks via GIFAR files, steal cookies, bypass the\n same-origin policy, load untrusted JAR files, establish network\n connections to arbitrary hosts and posts via several vectors, modify\n the list of supported graphics configurations, bypass HMAC-based\n authentication systems, escalate privileges via several vectors and\n cause applet code to be executed with older, possibly vulnerable\n versions of the JRE.\n NOTE: Some vulnerabilities require a trusted environment, user\n interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200911-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Sun JRE 1.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.22'\n All Sun JRE 1.6.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.17'\n All Sun JDK 1.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.22'\n All Sun JDK 1.6.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.17'\n All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.22'\n All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the\n latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose 
'>=app-emulation/emul-linux-x86-java-1.6.0.17'\n All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and\n precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge\n Java 1.4:\n # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*\n # emerge --unmerge =dev-java/sun-jre-bin-1.4*\n # emerge --unmerge =dev-java/sun-jdk-1.4*\n # emerge --unmerge dev-java/blackdown-jdk\n # emerge --unmerge dev-java/blackdown-jre\n Gentoo is ceasing support for the 1.4 generation of the Sun Java\n Platform in accordance with upstream. All 1.4 JRE and JDK versions are\n masked and will be removed shortly.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 94, 119, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:blackdown-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:blackdown-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:emul-linux-x86-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sun-jdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:sun-jre-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/blackdown-jre\", unaffected:make_list(), vulnerable:make_list(\"le 1.4.2.03-r14\"))) flag++;\nif (qpkg_check(package:\"dev-java/sun-jre-bin\", unaffected:make_list(\"rge 1.5.0.22\", \"ge 1.6.0.17\"), vulnerable:make_list(\"lt 1.6.0.17\"))) flag++;\nif (qpkg_check(package:\"app-emulation/emul-linux-x86-java\", unaffected:make_list(\"rge 1.5.0.22\", \"ge 1.6.0.17\"), vulnerable:make_list(\"lt 1.6.0.17\"))) flag++;\nif (qpkg_check(package:\"dev-java/sun-jdk\", unaffected:make_list(\"rge 1.5.0.22\", \"ge 1.6.0.17\"), vulnerable:make_list(\"lt 1.6.0.17\"))) flag++;\nif (qpkg_check(package:\"dev-java/blackdown-jdk\", unaffected:make_list(), vulnerable:make_list(\"le 1.4.2.03-r16\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Sun JDK/JRE\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:18", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :\n\n - Apache Geronimo\n - Apache Tomcat\n - Apache Xerces2\n - cURL/libcURL\n - ISC BIND\n - Libxml2\n - Linux kernel\n - Linux kernel 64-bit\n - Linux kernel Common Internet File System\n - Linux kernel eCryptfs\n - NTP\n - Python\n - Java Runtime Environment (JRE)\n - Java SE Development Kit (JDK)\n - Java SE Abstract Window Toolkit (AWT)\n - Java SE Plugin\n - Java SE Provider\n - Java SE Swing\n - Java SE Web Start", "cvss3": {}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5966", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-1947", "CVE-2008-2315", "CVE-2008-2370", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-3528", "CVE-2008-4307", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5515", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0033", "CVE-2009-0159", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0580", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0696", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0778", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1072", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1192", 
"CVE-2009-1252", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2417", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2009-0016_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89117);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2007-2052\",\n \"CVE-2007-4965\",\n \"CVE-2007-5333\",\n \"CVE-2007-5342\",\n \"CVE-2007-5461\",\n \"CVE-2007-5966\",\n \"CVE-2007-6286\",\n \"CVE-2008-0002\",\n \"CVE-2008-1232\",\n \"CVE-2008-1721\",\n \"CVE-2008-1887\",\n \"CVE-2008-1947\",\n \"CVE-2008-2315\",\n \"CVE-2008-2370\",\n \"CVE-2008-3142\",\n \"CVE-2008-3143\",\n \"CVE-2008-3144\",\n \"CVE-2008-3528\",\n \"CVE-2008-4307\",\n \"CVE-2008-4864\",\n \"CVE-2008-5031\",\n \"CVE-2008-5515\",\n \"CVE-2008-5700\",\n \"CVE-2009-0028\",\n \"CVE-2009-0033\",\n \"CVE-2009-0159\",\n \"CVE-2009-0269\",\n \"CVE-2009-0322\",\n \"CVE-2009-0580\",\n \"CVE-2009-0675\",\n \"CVE-2009-0676\",\n \"CVE-2009-0696\",\n \"CVE-2009-0745\",\n \"CVE-2009-0746\",\n \"CVE-2009-0747\",\n \"CVE-2009-0748\",\n \"CVE-2009-0778\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-0787\",\n \"CVE-2009-0834\",\n \"CVE-2009-1072\",\n \"CVE-2009-1093\",\n 
\"CVE-2009-1094\",\n \"CVE-2009-1095\",\n \"CVE-2009-1096\",\n \"CVE-2009-1097\",\n \"CVE-2009-1098\",\n \"CVE-2009-1099\",\n \"CVE-2009-1100\",\n \"CVE-2009-1101\",\n \"CVE-2009-1102\",\n \"CVE-2009-1103\",\n \"CVE-2009-1104\",\n \"CVE-2009-1105\",\n \"CVE-2009-1106\",\n \"CVE-2009-1107\",\n \"CVE-2009-1192\",\n \"CVE-2009-1252\",\n \"CVE-2009-1336\",\n \"CVE-2009-1337\",\n \"CVE-2009-1385\",\n \"CVE-2009-1388\",\n \"CVE-2009-1389\",\n \"CVE-2009-1439\",\n \"CVE-2009-1630\",\n \"CVE-2009-1633\",\n \"CVE-2009-1895\",\n \"CVE-2009-2406\",\n \"CVE-2009-2407\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2417\",\n \"CVE-2009-2625\",\n \"CVE-2009-2670\",\n \"CVE-2009-2671\",\n \"CVE-2009-2672\",\n \"CVE-2009-2673\",\n \"CVE-2009-2675\",\n \"CVE-2009-2676\",\n \"CVE-2009-2692\",\n \"CVE-2009-2698\",\n \"CVE-2009-2716\",\n \"CVE-2009-2718\",\n \"CVE-2009-2719\",\n \"CVE-2009-2720\",\n \"CVE-2009-2721\",\n \"CVE-2009-2722\",\n \"CVE-2009-2723\",\n \"CVE-2009-2724\",\n \"CVE-2009-2847\",\n \"CVE-2009-2848\"\n );\n script_bugtraq_id(\n 23887,\n 25696,\n 26070,\n 26880,\n 27006,\n 27703,\n 27706,\n 28715,\n 28749,\n 29502,\n 30491,\n 30494,\n 30496,\n 31932,\n 33187,\n 33237,\n 33412,\n 33428,\n 33618,\n 33846,\n 33906,\n 33951,\n 34084,\n 34205,\n 34216,\n 34240,\n 34390,\n 34405,\n 34453,\n 34481,\n 34612,\n 34673,\n 34934,\n 35017,\n 35185,\n 35193,\n 35196,\n 35263,\n 35281,\n 35416,\n 35559,\n 35647,\n 35848,\n 35850,\n 35851,\n 35922,\n 35929,\n 35930,\n 35939,\n 35943,\n 35944,\n 35946,\n 35958,\n 36010,\n 36032,\n 36038,\n 36108,\n 49470\n );\n script_xref(name:\"VMSA\", value:\"2009-0016\");\n\n script_name(english:\"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote 
VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in the following components :\n\n - Apache Geronimo\n - Apache Tomcat\n - Apache Xerces2\n - cURL/libcURL\n - ISC BIND\n - Libxml2\n - Linux kernel\n - Linux kernel 64-bit\n - Linux kernel Common Internet File System\n - Linux kernel eCryptfs\n - NTP\n - Python\n - Java Runtime Environment (JRE)\n - Java SE Development Kit (JDK)\n - Java SE Abstract Window Toolkit (AWT)\n - Java SE Plugin\n - Java SE Provider\n - Java SE Swing\n - Java SE Web Start\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2009-0016\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX / ESXi version 3.5 / 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 310, 362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nfixes = make_array();\nfixes[\"ESX 3.5\"] = 227413;\nfixes[\"ESXi 3.5\"] = 226117;\nfixes[\"ESX 4.0\"] = 208167;\nfixes[\"ESXi 4.0\"] = 208167;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n padding = crap(data:\" \", length:8 - strlen(type)); # Spacing alignment\n\n report = '\\n ' + type + ' version' + padding + ': ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE, xss:TRUE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:00", "description": "a. 
JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.\n\nb. Update Apache Tomcat version\n\n Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.\n c. 
Third-party library update for ntp.\n The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.\n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user.\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.\n The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.\n The Service Console present in ESX is affected by the following security issues.\n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user.\n NTP authentication is not enabled by default on the Service Console.\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.\n A buffer overflow flaw was found in the ntpq diagnostic command. 
A malicious, remote server could send a specially crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security issues listed below.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164.\n\n f. 
Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5.\n\n When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges.\n\n Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service.\n\n Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n\n Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption).\n\n Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service.\n\n An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n\n A flaw was discovered in the strxfrm() function of the Python locale module. 
Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.\n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\n A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an assertion failure.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue.\n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8.\n\n libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.\n\n A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service.\n\n Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. 
A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues.\n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue\n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. 
If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue", "cvss3": {}, "published": "2009-11-23T00:00:00", "type": "nessus", "title": "VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5966", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-1947", "CVE-2008-2315", "CVE-2008-2370", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-3528", "CVE-2008-4307", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5515", "CVE-2008-5700", "CVE-2009-0028", "CVE-2009-0033", "CVE-2009-0159", "CVE-2009-0269", "CVE-2009-0322", "CVE-2009-0580", "CVE-2009-0675", "CVE-2009-0676", "CVE-2009-0696", "CVE-2009-0745", "CVE-2009-0746", "CVE-2009-0747", "CVE-2009-0748", "CVE-2009-0778", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-0787", "CVE-2009-0834", "CVE-2009-1072", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1192", "CVE-2009-1252", "CVE-2009-1336", "CVE-2009-1337", "CVE-2009-1385", "CVE-2009-1388", "CVE-2009-1389", "CVE-2009-1439", "CVE-2009-1630", "CVE-2009-1633", "CVE-2009-1895", "CVE-2009-2406", "CVE-2009-2407", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2417", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", 
"CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2692", "CVE-2009-2698", "CVE-2009-2716", "CVE-2009-2718", "CVE-2009-2719", "CVE-2009-2720", "CVE-2009-2721", "CVE-2009-2722", "CVE-2009-2723", "CVE-2009-2724", "CVE-2009-2730", "CVE-2009-2847", "CVE-2009-2848"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.0.3", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esxi:3.5", "cpe:/o:vmware:esxi:4.0"], "id": "VMWARE_VMSA-2009-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/42870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2009-0016. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42870);\n script_version(\"1.44\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5966\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-1947\", \"CVE-2008-2315\", \"CVE-2008-2370\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-3528\", \"CVE-2008-4307\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-5515\", \"CVE-2008-5700\", \"CVE-2009-0028\", \"CVE-2009-0033\", \"CVE-2009-0159\", \"CVE-2009-0269\", \"CVE-2009-0322\", \"CVE-2009-0580\", \"CVE-2009-0675\", \"CVE-2009-0676\", \"CVE-2009-0696\", \"CVE-2009-0745\", \"CVE-2009-0746\", \"CVE-2009-0747\", \"CVE-2009-0748\", \"CVE-2009-0778\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-0787\", \"CVE-2009-0834\", \"CVE-2009-1072\", \"CVE-2009-1093\", \"CVE-2009-1094\", \"CVE-2009-1095\", \"CVE-2009-1096\", \"CVE-2009-1097\", \"CVE-2009-1098\", \"CVE-2009-1099\", \"CVE-2009-1100\", \"CVE-2009-1101\", 
\"CVE-2009-1102\", \"CVE-2009-1103\", \"CVE-2009-1104\", \"CVE-2009-1105\", \"CVE-2009-1106\", \"CVE-2009-1107\", \"CVE-2009-1192\", \"CVE-2009-1252\", \"CVE-2009-1336\", \"CVE-2009-1337\", \"CVE-2009-1385\", \"CVE-2009-1388\", \"CVE-2009-1389\", \"CVE-2009-1439\", \"CVE-2009-1630\", \"CVE-2009-1633\", \"CVE-2009-1895\", \"CVE-2009-2406\", \"CVE-2009-2407\", \"CVE-2009-2414\", \"CVE-2009-2416\", \"CVE-2009-2417\", \"CVE-2009-2625\", \"CVE-2009-2670\", \"CVE-2009-2671\", \"CVE-2009-2672\", \"CVE-2009-2673\", \"CVE-2009-2675\", \"CVE-2009-2676\", \"CVE-2009-2692\", \"CVE-2009-2698\", \"CVE-2009-2716\", \"CVE-2009-2718\", \"CVE-2009-2719\", \"CVE-2009-2720\", \"CVE-2009-2721\", \"CVE-2009-2722\", \"CVE-2009-2723\", \"CVE-2009-2724\", \"CVE-2009-2847\", \"CVE-2009-2848\");\n script_bugtraq_id(25696, 26070, 26880, 27006, 27703, 27706, 28715, 28749, 29502, 30491, 30494, 30496, 31932, 31976, 33187, 33846, 33951, 34205, 34240, 34405, 34453, 34481, 34612, 34673, 34934, 35017, 35185, 35193, 35196, 35263, 35281, 35416, 35647, 35848, 35850, 35851, 35922, 35930, 35939, 35943, 35944, 35946, 35958, 36010, 36032, 36038, 36108);\n script_xref(name:\"VMSA\", value:\"2009-0016\");\n\n script_name(english:\"VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. 
JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.\n\nb. Update Apache Tomcat version\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5)\n which addresses multiple security issues that existed\n in the previous version of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515,\n CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002.\n \n c. 
Third-party library update for ntp.\n \n The Network Time Protocol (NTP) is used to synchronize a computer's\n time with a referenced time source.\n \n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory.\n \n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the 'ntp' user.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue.\n \n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0.\n \nd. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2\n \n The Network Time Protocol (NTP) is used to synchronize a computer's\n time with a referenced time source.\n \n The Service Console present in ESX is affected by the following\n security issues.\n \n A buffer overflow flaw was discovered in the ntpd daemon's NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the 'ntp' user.\n \n NTP authentication is not enabled by default on the Service Console.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue.\n \n A buffer overflow flaw was found in the ntpq diagnostic command. 
A\n malicious, remote server could send a specially crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue.\n \n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues listed below.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164.\n\n f. 
Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5.\n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter's privileges.\n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service.\n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter's privileges.\n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption).\n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service.\n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter's privileges.\n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. 
Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.\n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly.\n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the 'ANY' record type. A remote attacker could\n use this flaw to send a specially crafted dynamic update packet\n that could cause named to exit with an assertion failure.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue.\n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8.\n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files.\n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service.\n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. 
A remote attacker\n could provide a specially crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues.\n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n cURL is affected by the previously published 'null prefix attack',\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n j. Updated Service Console package gnutls\n\n Service Console package gnutls updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. 
If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000087.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel Sendpage Local Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 310, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:vmware:esxi:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2009-11-20\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-201002204-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-201002205-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.0.3\", patch:\"ESX303-201002206-SG\")) flag++;\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201002402-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201002404-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201002407-SG\")) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-201003403-SG\",\n patch_updates : make_list(\"ESX350-201203401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911201-UG\",\n patch_updates : 
make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911223-UG\",\n patch_updates : make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911232-SG\",\n patch_updates : make_list(\"ESX400-201009409-SG\", \"ESX400-201203403-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911233-SG\",\n patch_updates : make_list(\"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911234-SG\",\n patch_updates : make_list(\"ESX400-201209402-SG\", \"ESX400-201305404-SG\", \"ESX400-201310402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911235-SG\",\n patch_updates : make_list(\"ESX400-201203402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911237-SG\",\n patch_updates : make_list(\"ESX400-201005408-SG\", \"ESX400-201103407-SG\", \"ESX400-201305403-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-200911238-SG\",\n patch_updates : make_list(\"ESX400-201005404-SG\", \"ESX400-201404402-SG\", \"ESX400-Update01a\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 3.5.0\", patch:\"ESXe350-201002401-O-SG\")) flag++;\n\nif (esx_check(ver:\"ESXi 4.0\", patch:\"ESXi400-200911201-UG\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-10-21T04:47:09", "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR6 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-11-12T00:00:00", "type": "redhat", "title": "(RHSA-2009:1582) Critical: java-1.6.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676"], "modified": "2017-09-08T07:48:50", "id": "RHSA-2009:1582", "href": "https://access.redhat.com/errata/RHSA-2009:1582", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:42", "description": "The IBM 1.5.0 Java 
release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR10 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\n\nNote: The packages included in this update are identical to the packages\nmade available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of\nAugust 2009. These packages are being reissued as a Red Hat Security\nAdvisory as they fixed a number of security issues that were not made\npublic until after those errata were released. Since the packages are\nidentical, there is no need to install this update if RHEA-2009:1208 or\nRHEA-2009:1210 has already been installed.", "cvss3": {}, "published": "2009-08-28T00:00:00", "type": "redhat", "title": "(RHSA-2009:1236) Critical: java-1.5.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675"], "modified": "2017-09-08T07:54:26", "id": "RHSA-2009:1236", "href": "https://access.redhat.com/errata/RHSA-2009:1236", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:45:17", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nA flaw was found in the way the XML Digital Signature implementation in the\nJRE handled HMAC-based XML signatures. An attacker could use this flaw to\ncreate a crafted signature that could allow them to bypass authentication,\nor trick a user, applet, or application into accepting untrusted content.\n(CVE-2009-0217)\n\nSeveral potential information leaks were found in various mutable static\nvariables. These could be exploited in application scenarios that execute\nuntrusted scripting code. (CVE-2009-2475)\n\nIt was discovered that OpenType checks can be bypassed. This could allow a\nrogue application to bypass access restrictions by acquiring references to\nprivileged objects through finalizer resurrection. (CVE-2009-2476)\n\nA denial of service flaw was found in the way the JRE processes XML. A\nremote attacker could use this flaw to supply crafted XML that would lead\nto a denial of service. (CVE-2009-2625)\n\nA flaw was found in the JRE audio system. An untrusted applet or\napplication could use this flaw to gain read access to restricted System\nproperties. (CVE-2009-2670)\n\nTwo flaws were found in the JRE proxy implementation. An untrusted applet\nor application could use these flaws to discover the usernames of users\nrunning applets and applications, or obtain web browser cookies and use\nthem for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)\n\nAn additional flaw was found in the proxy mechanism implementation. 
This\nflaw allowed an untrusted applet or application to bypass access\nrestrictions and communicate using non-authorized socket or URL connections\nto hosts other than the origin host. (CVE-2009-2673) \n\nAn integer overflow flaw was found in the way the JRE processes JPEG\nimages. An untrusted application could use this flaw to extend its\nprivileges, allowing it to read and write local files, as well as to\nexecute local applications with the privileges of the user running the\napplication. (CVE-2009-2674)\n\nAn integer overflow flaw was found in the JRE unpack200 functionality. An\nuntrusted applet or application could extend its privileges, allowing it to\nread and write local files, as well as to execute local applications with\nthe privileges of the user running the applet or application. (CVE-2009-2675)\n\nIt was discovered that JDK13Services grants unnecessary privileges to\ncertain object types. This could be misused by an untrusted applet or\napplication to use otherwise restricted functionality. (CVE-2009-2689)\n\nAn information disclosure flaw was found in the way private Java variables\nwere handled. An untrusted applet or application could use this flaw to\nobtain information from variables that would otherwise be private.\n(CVE-2009-2690)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-2475,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,\nCVE-2009-2689, and CVE-2009-2690, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nThis update also fixes the following bug:\n\n* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat\nEnterprise Linux allowed the java-1.6.0-openjdk package from the EPEL\nrepository to take precedence (appear newer). Users using\njava-1.6.0-openjdk from EPEL would not have received security updates since\nOctober 2008. This upd