Vulnerabilities > CVE-2005-1974 - Privilege Escalation vulnerability in Sun Java Runtime Environment

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
sun
nessus

Summary

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.

Nessus

  • NASL familyMisc.
    NASL idJAVA_JRE_PLUGIN_SECURITY_BYPASS2_UNIX.NASL
    descriptionThe remote host is using an unmanaged version of Sun Java Runtime Environment that has vulnerabilities in its Java Runtime Plug-in, a web browser add-on used to display Java applets. The JRE Plug-in security can be bypassed by tricking a user into viewing a maliciously crafted web page. Additionally, a denial of service vulnerability is present in this version of the JVM. This issue is triggered by viewing an applet that misuses the serialization API.
    last seen2020-06-01
    modified2020-06-02
    plugin id64836
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64836
    titleSun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine runs the script with `description`
    # set, only the metadata below is recorded and the script leaves through
    # the exit(0) at the end of the block, before any host data is read.
    if (description)
    {
      script_id(64836);
      script_version("1.6");
      script_cvs_date("Date: 2019/12/04");
    
      # Two CVEs share this one check; the cvss_score_source attribute further
      # down names CVE-2005-1974 as the source of the score.
      script_cve_id("CVE-2005-1973", "CVE-2005-1974");
      script_bugtraq_id(13945, 13958);
      script_xref(name:"Secunia", value:"15671");
    
      script_name(english:"Sun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation (Unix)");
      script_summary(english:"Determines the version of Java JRE plugin");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host contains a runtime environment that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is using an unmanaged version of Sun Java Runtime
    Environment that has vulnerabilities in its Java Runtime Plug-in, a web
    browser add-on used to display Java applets.
    
    The JRE Plug-in security can be bypassed by tricking a user into viewing
    a maliciously crafted web page.
    
    Additionally, a denial of service vulnerability is present in this
    version of the JVM.  This issue is triggered by viewing an applet that
    misuses the serialization API.");
      # http://web.archive.org/web/20080509045533/http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0103e844");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to JRE 1.4.2_08 / 1.5.0 update 2 or later.");
      # CVSS v2 base vector: network access vector, high access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploitability unproven, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-1974");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      # Declared as a "local" check; the dependency and required key below tie
      # it to an earlier JRE inventory plugin.
      # NOTE(review): presumably that plugin fills the Host/Java/JRE/* KB
      # entries - confirm.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
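    # Check each installed JRE.
    # Every unmanaged JRE key found in the KB is sorted into one of three
    # buckets: affected (info / vuln), version string too coarse to judge
    # (granular), or not affected (vuln2).
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      # The version is whatever follows the KB prefix in the key name.
      ver = install - "Host/Java/JRE/Unmanaged/";
      # Ignore keys whose suffix does not start with digits or dots.
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
      # Affected ranges: 1.4.0_x / 1.4.1_x, 1.4.2 updates 0-7, 1.5.0 updates 0-1.
      # The update number may be followed by a non-digit or by the end of the
      # string.  Requiring a trailing character would let a bare "1.4.2_07" or
      # "1.5.0_01" drop into the final "not affected" branch, i.e. a missed
      # finding on a version older than the 1.4.2_08 / 1.5.0_02 fix.
      if (
        ver =~ "^1\.4\.([01]_|2_0*[0-7]([^0-9]|$))" ||
        ver =~ "^1\.5\.0_0*[01]([^0-9]|$)"
      )
      {
        # One KB key can hold several install paths; count and list each one.
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.4.2_08 / 1.5.0_02\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        # Digits and dots only (no update suffix): the update level is unknown,
        # so the install is recorded as undetermined rather than guessed at.
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        # Anything else is counted towards the "not affected" message.
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }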
    
    
    # Report if any were found to be vulnerable.
    # A finding is raised only when the detection loop collected at least one
    # affected install in `info`.
    if (info)
    {
      if (!report_verbosity) security_warning(0);
      else
      {
        if (vuln > 1) plural = "s of Sun's JRE are";
        else plural = " of Sun's JRE is";
    
        # string() is kept on purpose: the pieces are double-quoted, and NASL
        # leaves the \n in such literals unexpanded unless string() builds them.
        report = string(
          "\n",
          "The following vulnerable instance", plural, " installed on the\n",
          "remote host :\n",
          info
        );
        security_warning(port:0, extra:report);
      }
    }
    
    # Installs whose version was too coarse to judge end the run with that
    # explanation, whether or not a finding was raised above.
    if (granular) exit(0, granular);
    
    if (!info)
    {
      # Drop the leading " & " separator added while collecting versions.
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_032.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:032 (java2). Two security bugs in the SUN Java implementation have been fixed. Java Web Start can be exploited remotely due to an error in input validation of tags in JNLP files, so an attacker can pass arbitrary command-line options to the virtual machine to disable the sandbox and get access to files. This is tracked by the Mitre CVE ID CVE-2005-0836. The second bug is equal to the first one but can also be triggered by untrusted applets. This is tracked by the Mitre CVE ID CVE-2005-1974.
    last seen2020-06-01
    modified2020-06-02
    plugin id19241
    published2005-07-20
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19241
    titleSUSE-SA:2005:032: java2
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:032
    #
    
    
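    # Do nothing on engines that do not provide bn_random().
    # NOTE(review): presumably an engine-capability gate - confirm.
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    # Registration branch: record the plugin metadata and exit before any
    # package check runs.
    if(description)
    {
     script_id(19241);
     script_version ("1.10");
     script_cvs_date("Date: 2019/10/25 13:36:28");
    
     # The description text below names these two CVE IDs; registering them
     # makes the finding reachable through CVE-keyed searches and reports
     # instead of only through the free-text description.
     script_cve_id("CVE-2005-0836", "CVE-2005-1974");
    
     name["english"] = "SUSE-SA:2005:032: java2";
    
     script_name(english:name["english"]);
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:032 (java2).
    
    
    Two security bugs in the SUN Java implementation have been fixed.
    
    Java Web Start can be exploited remotely due to an error in input
    validation of tags in JNLP files, so an attacker can pass arbitrary
    command-line options to the virtual machine to disable the sandbox
    and get access to files.
    
    This is tracked by the Mitre CVE ID CVE-2005-0836.
    
    The second bug is equal to the first one but can also triggered by
    untrusted applets.
    
    This is tracked by the Mitre CVE ID CVE-2005-1974." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_32_java2.html" );
     # Severity is given only as a risk_factor label; this block registers no
     # CVSS vector.
     script_set_attribute(attribute:"risk_factor", value:"High" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/07/20");
     script_end_attributes();
    
    
     summary["english"] = "Check for the version of the java2 package";
     script_summary(english:summary["english"]);
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
    
     # Relies on the RPM inventory stored under Host/SuSE/rpm-list.
     # NOTE(review): presumably gathered by ssh_get_info.nasl - confirm.
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }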
    
    include("rpm.inc");
    # One verdict for the whole advisory: the first package/release pair that
    # rpm_check() flags raises the finding and ends the plugin.  `||` stops at
    # the first true operand, so the pairs are still tried strictly top to
    # bottom and nothing after a hit is evaluated.
    # NOTE(review): presumably rpm_check() is true when the package installed
    # on that release is older than `reference` - confirm in rpm.inc.
    
    # SUSE 8.2
    if (
      rpm_check( reference:"java2-1.4.2-144", release:"SUSE8.2") ||
      rpm_check( reference:"java2-jre-1.4.2-144", release:"SUSE8.2")
    )
    {
     security_hole(0);
     exit(0);
    }
    
    # SUSE 9.0
    if (
      rpm_check( reference:"java2-1.4.2-144", release:"SUSE9.0") ||
      rpm_check( reference:"java2-jre-1.4.2-144", release:"SUSE9.0")
    )
    {
     security_hole(0);
     exit(0);
    }
    
    # SUSE 9.1
    if (
      rpm_check( reference:"java2-1.4.2-129.14", release:"SUSE9.1") ||
      rpm_check( reference:"java2-jre-1.4.2-129.14", release:"SUSE9.1")
    )
    {
     security_hole(0);
     exit(0);
    }
    
    # SUSE 9.2
    if (
      rpm_check( reference:"java-1_4_2-sun-1.4.2.08-0.1", release:"SUSE9.2") ||
      rpm_check( reference:"java-1_4_2-sun-alsa-1.4.2.08-0.1", release:"SUSE9.2") ||
      rpm_check( reference:"java-1_4_2-sun-demo-1.4.2.08-0.1", release:"SUSE9.2") ||
      rpm_check( reference:"java-1_4_2-sun-devel-1.4.2.08-0.1", release:"SUSE9.2") ||
      rpm_check( reference:"java-1_4_2-sun-jdbc-1.4.2.08-0.1", release:"SUSE9.2") ||
      rpm_check( reference:"java-1_4_2-sun-plugin-1.4.2.08-0.1", release:"SUSE9.2") ||
      rpm_check( reference:"java-1_4_2-sun-src-1.4.2.08-0.1", release:"SUSE9.2")
    )
    {
     security_hole(0);
     exit(0);
    }
    
    # SUSE 9.3
    if (
      rpm_check( reference:"java-1_4_2-sun-1.4.2.08-0.1", release:"SUSE9.3") ||
      rpm_check( reference:"java-1_4_2-sun-alsa-1.4.2.08-0.1", release:"SUSE9.3") ||
      rpm_check( reference:"java-1_4_2-sun-demo-1.4.2.08-0.1", release:"SUSE9.3") ||
      rpm_check( reference:"java-1_4_2-sun-devel-1.4.2.08-0.1", release:"SUSE9.3") ||
      rpm_check( reference:"java-1_4_2-sun-jdbc-1.4.2.08-0.1", release:"SUSE9.3") ||
      rpm_check( reference:"java-1_4_2-sun-plugin-1.4.2.08-0.1", release:"SUSE9.3") ||
      rpm_check( reference:"java-1_4_2-sun-src-1.4.2.08-0.1", release:"SUSE9.3")
    )
    {
     security_hole(0);
     exit(0);
    }
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_33866.NASL
    descriptions700_800 11.00 OV ITO6.0X OVO JavaGUI client A.07.20.1 : A potential security vulnerability has been identified with the HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE). This vulnerability may allow an untrusted remote applet to elevate its privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id20086
    published2005-10-25
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20086
    titleHP-UX PHSS_33866 : HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE), Remote Privileged Access (HPSBMA01234 SSRT051052 rev.2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_33866. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    # Do nothing on engines that report a NASL_LEVEL below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # Registration branch: record the plugin metadata and exit before any
    # patch check runs.
    if (description)
    {
      script_id(20086);
      script_version("1.13");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      script_cve_id("CVE-2005-1974");
      script_xref(name:"HP", value:"emr_na-c01033698");
      script_xref(name:"HP", value:"SSRT051052");
    
      script_name(english:"HP-UX PHSS_33866 : HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE), Remote Privileged Access (HPSBMA01234 SSRT051052 rev.2)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.00 OV ITO6.0X OVO JavaGUI client A.07.20.1 : 
    
    A potential security vulnerability has been identified with the HP
    OpenView Operations and OpenView VantagePoint Java Runtime Environment
    (JRE). This vulnerability may allow an untrusted remote applet to
    elevate its privileges."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01033698
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43a5c3bd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_33866 or subsequent."
      );
      # CVSS v2 base vector: network access vector, high access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      # NOTE(review): patch_publication_date (2007/04/26) is later than
      # plugin_publication_date (2005/10/25); the title refers to rev.2 of the
      # bulletin - confirm the dates are as intended.
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The check needs local checks enabled plus the HP-UX version and swlist
      # inventory already stored in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Preconditions: local checks enabled, an HP-UX version recorded, and a
    # swlist inventory present.  Each unmet one is handed to audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # PHSS_33866 only applies to the 11.00 release context.
    if (!hpux_check_ctx(ctx:"11.00"))
      exit(0, "The host is not affected since PHSS_33866 applies to a different OS release.");
    
    # A host that already has the fixing patch is reported as not affected.
    patches = make_list("PHSS_33866");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
        exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
    
    
    # Every fileset is checked, with no early exit, and the hits are counted.
    # NOTE(review): presumably hpux_check_patch() also feeds the text returned
    # by hpux_report_get() - confirm in hpux.inc.
    flag = 0;
    foreach fileset (make_list("OVOPC-WWW.OVOPC-WWW-ENG", "OVOPC-WWW.OVOPC-WWW-GUI"))
    {
      if (hpux_check_patch(app:fileset, version:"A.06.00")) flag++;
    }
    
    
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_33627.NASL
    descriptions700_800 11.X OV OVO8.1X PARISC JavaGUI client A.08.14 : A potential security vulnerability has been identified with the HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE). This vulnerability may allow an untrusted remote applet to elevate its privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id20085
    published2005-10-25
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20085
    titleHP-UX PHSS_33627 : HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE), Remote Privileged Access (HPSBMA01234 SSRT051052 rev.2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_33627. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    # Do nothing on engines that report a NASL_LEVEL below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # Registration branch: record the plugin metadata and exit before any
    # patch check runs.
    if (description)
    {
      script_id(20085);
      script_version("1.25");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      script_cve_id("CVE-2005-1974");
      script_xref(name:"HP", value:"emr_na-c01033698");
      script_xref(name:"HP", value:"SSRT051052");
    
      script_name(english:"HP-UX PHSS_33627 : HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE), Remote Privileged Access (HPSBMA01234 SSRT051052 rev.2)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.X OV OVO8.1X PARISC JavaGUI client A.08.14 : 
    
    A potential security vulnerability has been identified with the HP
    OpenView Operations and OpenView VantagePoint Java Runtime Environment
    (JRE). This vulnerability may allow an untrusted remote applet to
    elevate its privileges."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01033698
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43a5c3bd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_33627 or subsequent."
      );
      # CVSS v2 base vector: network access vector, high access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      # NOTE(review): patch_publication_date (2007/04/26) is later than
      # plugin_publication_date (2005/10/25); the title refers to rev.2 of the
      # bulletin - confirm the dates are as intended.
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The check needs local checks enabled plus the HP-UX version and swlist
      # inventory already stored in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Preconditions: local checks enabled, an HP-UX version recorded, and a
    # swlist inventory present.  Each unmet one is handed to audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # PHSS_33627 applies to the 11.00, 11.11 and 11.23 release contexts.
    if (!hpux_check_ctx(ctx:"11.00 11.11 11.23"))
      exit(0, "The host is not affected since PHSS_33627 applies to a different OS release.");
    
    # PHSS_33627 or any of the later patches listed with it counts as fixed;
    # the first one found installed ends the run as not affected.
    patches = make_list("PHSS_33627", "PHSS_33864", "PHSS_34363", "PHSS_34733", "PHSS_35228", "PHSS_35791", "PHSS_36273", "PHSS_36772", "PHSS_37183", "PHSS_37566", "PHSS_38203", "PHSS_38854", "PHSS_39327", "PHSS_39896", "PHSS_40468", "PHSS_41213");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
        exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
    
    
    # Every fileset is checked, with no early exit, and the hits are counted.
    # NOTE(review): presumably hpux_check_patch() also feeds the text returned
    # by hpux_report_get() - confirm in hpux.inc.
    flag = 0;
    foreach fileset (make_list(
      "OVOPC-WWW.OVOPC-WWW-ENG",
      "OVOPC-WWW.OVOPC-WWW-GUI",
      "OVOPC-WWW.OVOPC-WWW-JPN",
      "OVOPC-WWW.OVOPC-WWW-KOR",
      "OVOPC-WWW.OVOPC-WWW-SCH",
      "OVOPC-WWW.OVOPC-WWW-SPA"
    ))
    {
      if (hpux_check_patch(app:fileset, version:"A.08.10.160")) flag++;
    }
    
    
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL familyWindows
    NASL idJAVA_JRE_PLUGIN_SECURITY_BYPASS2.NASL
    descriptionThe remote host is using a vulnerable version of Sun Java Runtime Plug-in, a web browser add-on used to display Java applets. It has been reported that the JRE Plug-in Security can be bypassed. A remote attacker could exploit this by tricking a user into viewing a maliciously crafted web page. Additionally, a denial of service vulnerability is present in this version of the JVM. This issue is triggered by viewing an applet that misuses the serialization API.
    last seen2020-06-01
    modified2020-06-02
    plugin id18480
    published2005-06-14
    reporterThis script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18480
    titleSun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    
    # Registration branch: record the plugin metadata and exit before any
    # host data is read.
    if(description)
    {
     script_id(18480);
     script_version("1.26");
     script_cvs_date("Date: 2018/08/22 16:49:14");
    
     script_cve_id("CVE-2005-1973", "CVE-2005-1974");
     script_bugtraq_id(13958, 13945);
     script_xref(name:"Secunia", value:"15671");
    
     script_name(english:"Sun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation");
     script_summary(english:"Determines the version of Java JRE plugin");
     
     script_set_attribute( attribute:"synopsis", value:
    "The remote Windows host contains a runtime environment that is
    affected by multiple vulnerabilities." );
     script_set_attribute( attribute:"description",  value:
    "The remote host is using a vulnerable version of Sun Java Runtime
    Plug-in, an web browser addon used to display Java applets.
    
    It has been reported that the JRE Plug-in Security can be bypassed.
    A remote attacker could exploit this by tricking a user into viewing
    a maliciously crafted web page.
    
    Additionally, a denial of service vulnerability is present in this
    version of the JVM.  This issue is triggered by viewing an applet
    that misuses the serialization API." );
     # http://web.archive.org/web/20080509045533/http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
     script_set_attribute(
       attribute:"see_also",
       value:"http://www.nessus.org/u?0103e844"
     );
     script_set_attribute(
       attribute:"solution", 
       value:"Upgrade to JRE 1.4.2_08 / 1.5.0 update 2 or later."
     );
     # CVSS v2 base vector: network access vector, medium access complexity, no
     # authentication, complete confidentiality / integrity / availability impact.
     # NOTE(review): no cvss_score_source attribute is set in this block, so
     # with two CVEs attached it is not stated which one this vector scores.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     # CVSS v2 temporal vector: exploitability unproven, official fix
     # available, report confirmed.
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/14");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/13");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/06/13");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_family(english:"Windows");
     
     script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
     
      # Declared as a "local" check; the dependency and required key tie it to
      # an earlier JRE inventory plugin.
      # NOTE(review): presumably that plugin fills the SMB/Java/JRE/* KB
      # entries - confirm.
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
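    # Check each installed JRE.
    # Collects, for every JRE version key in the KB that falls in the affected
    # range, its install paths (info) and a running count (vuln).  The run ends
    # quietly when the KB has no matching keys.
    installs = get_kb_list("SMB/Java/JRE/*");
    if (isnull(installs)) exit(0);
    
    info = "";
    vuln = 0;
    foreach install (list_uniq(keys(installs)))
    {
      # The version is whatever follows the KB prefix in the key name.
      ver = install - "SMB/Java/JRE/";
      # Affected ranges: 1.4.0_x / 1.4.1_x, 1.4.2 updates 0-7, 1.5.0 updates 0-1.
      # The update number may be followed by a non-digit or by the end of the
      # string.  Requiring a trailing character would let a bare "1.4.2_07" or
      # "1.5.0_01" go unreported although it is older than the 1.4.2_08 /
      # 1.5.0_02 fix.
      if (
        ver =~ "^1\.4\.([01]_|2_0*[0-7]([^0-9]|$))" ||
        ver =~ "^1\.5\.0_0*[01]([^0-9]|$)"
      )
      {
        # One KB key can hold several install paths; count and list each one.
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.4.2_08 / 1.5.0_02\n';
      }
    }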
    
    
    # Report if any were found to be vulnerable.
    # The finding is attached to the port stored under SMB/transport; nothing
    # is reported when `info` is empty.
    if (info)
    {
      if (!report_verbosity) security_hole(get_kb_item("SMB/transport"));
      else
      {
        if (vuln > 1) plural = "s of Sun's JRE are";
        else plural = " of Sun's JRE is";
    
        # string() is kept on purpose: the pieces are double-quoted, and NASL
        # leaves the \n in such literals unexpanded unless string() builds them.
        report = string(
          "\n",
          "The following vulnerable instance", plural, " installed on the\n",
          "remote host :\n",
          info
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
    }
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_32406.NASL
    descriptions700_800 11.X OV ITO7.1X JavaGUI client A.07.20.1 : A potential security vulnerability has been identified with the HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE). This vulnerability may allow an untrusted remote applet to elevate its privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id20084
    published2005-10-25
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20084
    titleHP-UX PHSS_32406 : HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE), Remote Privileged Access (HPSBMA01234 SSRT051052 rev.2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_32406. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    # Do nothing on engines that report a NASL_LEVEL below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # Registration branch: record the plugin metadata and exit before any
    # patch check runs.
    if (description)
    {
      script_id(20084);
      script_version("1.13");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      script_cve_id("CVE-2005-1974");
      script_xref(name:"HP", value:"emr_na-c01033698");
      script_xref(name:"HP", value:"SSRT051052");
    
      script_name(english:"HP-UX PHSS_32406 : HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE), Remote Privileged Access (HPSBMA01234 SSRT051052 rev.2)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.X OV ITO7.1X JavaGUI client A.07.20.1 : 
    
    A potential security vulnerability has been identified with the HP
    OpenView Operations and OpenView VantagePoint Java Runtime Environment
    (JRE). This vulnerability may allow an untrusted remote applet to
    elevate its privileges."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01033698
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43a5c3bd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_32406 or subsequent."
      );
      # CVSS v2 base vector: network access vector, high access complexity, no
      # authentication, partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      # NOTE(review): patch_publication_date (2007/04/26) is later than
      # plugin_publication_date (2005/10/25); the title refers to rev.2 of the
      # bulletin - confirm the dates are as intended.
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # The check needs local checks enabled plus the HP-UX version and swlist
      # inventory already stored in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    # Preconditions: local checks enabled, an HP-UX version recorded, and a
    # swlist inventory present.  Each unmet one is handed to audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # PHSS_32406 applies to the 11.00 and 11.11 release contexts.
    if (!hpux_check_ctx(ctx:"11.00 11.11"))
      exit(0, "The host is not affected since PHSS_32406 applies to a different OS release.");
    
    # A host that already has the fixing patch is reported as not affected.
    patches = make_list("PHSS_32406");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
        exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
    
    
    # Every fileset is checked, with no early exit, and the hits are counted.
    # NOTE(review): presumably hpux_check_patch() also feeds the text returned
    # by hpux_report_get() - confirm in hpux.inc.
    flag = 0;
    foreach fileset (make_list(
      "OVOPC-WWW.OVOPC-WWW-ENG",
      "OVOPC-WWW.OVOPC-WWW-GUI",
      "OVOPC-WWW.OVOPC-WWW-JPN",
      "OVOPC-WWW.OVOPC-WWW-SPA"
    ))
    {
      if (hpux_check_patch(app:fileset, version:"A.07.10")) flag++;
    }
    
    
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());
      else security_warning(0);
      exit(0);
    }