Vulnerabilities > CVE-2007-2789 - Resource Management Errors vulnerability in SUN Jdk, JRE and SDK

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
sun
CWE-399
nessus

Summary

The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0133.NASL
    descriptionIBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id33247
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33247
    titleRHEL 2.1 : IBMJava2 (RHSA-2008:0133)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0133. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33247);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3922");
      script_bugtraq_id(24004, 25054);
      script_xref(name:"RHSA", value:"2008:0133");
    
      script_name(english:"RHEL 2.1 : IBMJava2 (RHSA-2008:0133)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "IBMJava2-JRE and IBMJava2-SDK packages that correct several security
    issues are available for Red Hat Enterprise Linux 2.1.
    
    IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment
    and the IBM Java 2 Software Development Kit.
    
    A buffer overflow was found in the Java Runtime Environment
    image-handling code. An untrusted applet or application could use this
    flaw to elevate its privileges and potentially execute arbitrary code
    as the user running the java virtual machine. (CVE-2007-3004)
    
    An unspecified vulnerability was discovered in the Java Runtime
    Environment. An untrusted applet or application could cause the java
    virtual machine to become unresponsive. (CVE-2007-3005)
    
    A flaw was found in the applet class loader. An untrusted applet could
    use this flaw to circumvent network access restrictions, possibly
    connecting to services hosted on the machine that executed the applet.
    (CVE-2007-3922)
    
    These updated packages also add the following enhancements :
    
    * Time zone information has been updated to the latest available
    information, 2007h.
    
    * Accessibility support in AWT can now be disabled through a system
    property, java.assistive. To support this change, permission to read
    this property must be added to
    /opt/IBMJava2-131/jre/lib/security/java.policy. Users of IBMJava2 who
    have modified this file should add this following line to the grant
    section :
    
    permission java.util.PropertyPermission 'java.assistive', 'read';
    
    All users of IBMJava2 should upgrade to these updated packages, which
    contain IBM's 1.3.1 SR11 Java release, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3922"
      );
      # http://www-128.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.ibm.com/us-en/?ar=1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0133"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected IBMJava2-JRE and / or IBMJava2-SDK packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:IBMJava2-JRE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:IBMJava2-SDK");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0133";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"IBMJava2-JRE-1.3.1-17")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"IBMJava2-SDK-1.3.1-17")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "IBMJava2-JRE / IBMJava2-SDK");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-20 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs. The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274). Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). Giorgio Maone discovered that warnings for untrusted code can be hidden under applications
    last seen2020-06-01
    modified2020-06-02
    plugin id32013
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32013
    titleGLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200804-20.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32013);
      script_version("1.29");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-2435", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3655", "CVE-2007-5232", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2007-5689", "CVE-2008-0628", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
      script_xref(name:"GLSA", value:"200804-20");
    
      script_name(english:"GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200804-20
    (Sun JDK/JRE: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Sun Java:
        Daniel Soeder discovered that a long codebase attribute string in a
        JNLP file will overflow a stack variable when launched by Java WebStart
        (CVE-2007-3655).
        Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788,
        CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA
        200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the
        initial revision of said GLSAs.
        The Zero Day Initiative, TippingPoint and John Heasman reported
        multiple buffer overflows and unspecified vulnerabilities in Java Web
        Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,
        CVE-2008-1191).
        Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue
        when performing XSLT transformations (CVE-2008-1187).
        CERT/CC reported a Stack-based buffer overflow in Java Web Start
        when using JNLP files (CVE-2008-1196).
        Azul Systems reported an unspecified vulnerability that allows
        applets to escalate their privileges (CVE-2007-5689).
        Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
        Weidong Shao, and David Byrne discovered multiple instances where Java
        applets or JavaScript programs run within browsers do not pin DNS
        hostnames to a single IP address, allowing for DNS rebinding attacks
        (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).
        Peter Csepely reported that Java Web Start does not properly
        enforce access restrictions for untrusted applications (CVE-2007-5237,
        CVE-2007-5238).
        Java Web Start does not properly enforce access restrictions for
        untrusted Java applications and applets, when handling drag-and-drop
        operations (CVE-2007-5239).
        Giorgio Maone discovered that warnings for untrusted code can be
        hidden under applications' windows (CVE-2007-5240).
        Fujitsu reported two security issues where security restrictions of
        web applets and applications were not properly enforced (CVE-2008-1185,
        CVE-2008-1186).
        John Heasman of NGSSoftware discovered that the Java Plug-in does
        not properly enforce the same origin policy (CVE-2008-1192).
        Chris Evans of the Google Security Team discovered multiple
        unspecified vulnerabilities within the Java Runtime Environment Image
        Parsing Library (CVE-2008-1193, CVE-2008-1194).
        Gregory Fleischer reported that web content fetched via the 'jar:'
        protocol was not subject to network access restrictions
        (CVE-2008-1195).
        Chris Evans and Johannes Henkel of the Google Security Team
        reported that the XML parsing code retrieves external entities even
        when that feature is disabled (CVE-2008-0628).
        Multiple unspecified vulnerabilities might allow for escalation of
        privileges (CVE-2008-0657).
      
    Impact :
    
        A remote attacker could entice a user to run a specially crafted applet
        on a website or start an application in Java Web Start to execute
        arbitrary code outside of the Java sandbox and of the Java security
        restrictions with the privileges of the user running Java. The attacker
        could also obtain sensitive information, create, modify, rename and
        read local files, execute local applications, establish connections in
        the local network, bypass the same origin policy, and cause a Denial of
        Service via multiple vectors.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200705-23"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200706-08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200804-20"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Sun JRE 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.05'
        All Sun JRE 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.15'
        All Sun JRE 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.17'
        All Sun JDK 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.05'
        All Sun JDK 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.15'
        All Sun JDK 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.17'
        All emul-linux-x86-java 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.05'
        All emul-linux-x86-java 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.15'
        All emul-linux-x86-java 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.4.2.17'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/sun-jre-bin", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    if (qpkg_check(package:"dev-java/sun-jdk", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Sun JDK/JRE");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0261.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43835
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43835
    titleRHEL 4 : Satellite Server (RHSA-2008:0261)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0261. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43835);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128");
      script_bugtraq_id(15325, 16802, 19106, 22085, 22960, 23192, 24004, 24147, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 25653, 26070, 26752, 26838, 27237, 27365, 28481);
      script_xref(name:"RHSA", value:"2008:0261");
    
      script_name(english:"RHEL 4 : Satellite Server (RHSA-2008:0261)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat Network Satellite Server version 5.0.2 is now available. This
    update includes fixes for a number of security issues in Red Hat
    Network Satellite Server components.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    During an internal security review, a cross-site scripting flaw was
    found that affected the Red Hat Network channel search feature.
    (CVE-2007-5961)
    
    This release also corrects several security vulnerabilities in various
    components shipped as part of the Red Hat Network Satellite Server. In
    a typical operating environment, these components are not exposed to
    users of Satellite Server in a vulnerable manner. These security
    updates will reduce risk in unique Satellite Server environments.
    
    Multiple flaws were fixed in the Apache HTTPD server. These flaws
    could result in a cross-site scripting, denial-of-service, or
    information disclosure attacks. (CVE-2004-0885, CVE-2006-5752,
    CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,
    CVE-2007-5000, CVE-2007-6388)
    
    A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
    
    A denial-of-service flaw was fixed in the jabberd server.
    (CVE-2006-1329)
    
    Multiple cross-site scripting flaws were fixed in the image map
    feature in the JFreeChart package. (CVE-2007-6306)
    
    Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
    (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)
    
    Two arbitrary code execution flaws were fixed in the OpenMotif
    package. (CVE-2005-3964, CVE-2005-0605)
    
    A flaw which could result in weak encryption was fixed in the
    perl-Crypt-CBC package. (CVE-2006-0898)
    
    Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
    CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,
    CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,
    CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,
    CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)
    
    Users of Red Hat Network Satellite Server 5.0 are advised to upgrade
    to 5.0.2, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-2090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3964"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0128"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0261"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0261";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++;
      if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-SUN-3844.NASL
    descriptionThe Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs : - Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. (CVE-2007-2788 / CVE-2007-3004) - The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. (CVE-2007-2789 / CVE-2007-3005) - Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. (CVE-2007-0243)
    last seen2020-06-01
    modified2020-06-02
    plugin id29472
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29472
    titleSuSE 10 Security Update : Java (ZYPP Patch Number 3844)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29472);
      script_version ("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-0243", "CVE-2007-2788", "CVE-2007-2789");
    
      script_name(english:"SuSE 10 Security Update : Java (ZYPP Patch Number 3844)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs,
    including the following security bugs :
    
      - Integer overflow in the embedded ICC profile image
        parser in Sun Java Development Kit (JDK), allows remote
        attackers to execute arbitrary code or cause a denial of
        service (JVM crash) via a crafted JPEG or BMP file.
        (CVE-2007-2788 / CVE-2007-3004)
    
      - The BMP image parser in Sun Java Development Kit (JDK),
        on Unix/Linux systems, allows remote attackers to
        trigger the opening of arbitrary local files via a
        crafted BMP file, which causes a denial of service
        (system hang) in certain cases such as /dev/tty, and has
        other unspecified impact. (CVE-2007-2789 /
        CVE-2007-3005)
    
      - Buffer overflow in Sun JDK and Java Runtime Environment
        (JRE) allows applets to gain privileges via a GIF image
        with a block with a 0 width field, which triggers memory
        corruption. (CVE-2007-0243)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0243.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2788.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2789.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3004.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3005.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3844.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-alsa-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-demo-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-devel-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-jdbc-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-plugin-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_4_2-sun-src-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_4_2-sun-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_4_2-sun-alsa-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_4_2-sun-devel-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_4_2-sun-jdbc-1.4.2.15-2.1")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_4_2-sun-plugin-1.4.2.15-2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0100.NASL
    descriptionUpdated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker could induce a server application to process a specially crafted image file, the attacker could potentially cause a denial-of-service or execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processed font data. An applet viewed via the
    last seen2020-06-01
    modified2020-06-02
    plugin id40712
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40712
    titleRHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0100. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40712);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3698", "CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273");
      script_bugtraq_id(24004, 24846, 25340, 25918);
      script_xref(name:"RHSA", value:"2008:0100");
    
      script_name(english:"RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.4.2-bea packages that correct several security issues
    and add enhancements are now available for Red Hat Enterprise Linux 3
    Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
    Linux 5 Supplementary.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic
    JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2
    Platform, Standard Edition, v1.4.2.
    
    A buffer overflow in the Java Runtime Environment image handling code
    was found. If an attacker could induce a server application to process
    a specially crafted image file, the attacker could potentially cause a
    denial-of-service or execute arbitrary code as the user running the
    Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789)
    
    A denial of service flaw was found in the way the JSSE component
    processed SSL/TLS handshake requests. A remote attacker able to
    connect to a JSSE enabled service could send a specially crafted
    handshake which would cause the Java Runtime Environment to stop
    responding to future requests. (CVE-2007-3698)
    
    A flaw was found in the way the Java Runtime Environment processed
    font data. An applet viewed via the 'appletviewer' application could
    elevate its privileges, allowing the applet to perform actions with
    the same permissions as the user running the 'appletviewer'
    application. The same flaw could, potentially, crash a server
    application which processed untrusted font information from a third
    party. (CVE-2007-4381)
    
    A flaw in the applet caching mechanism of the Java Runtime Environment
    (JRE) did not correctly process the creation of network connections. A
    remote attacker could use this flaw to create connections to services
    on machines other than the one that the applet was downloaded from.
    (CVE-2007-5232)
    
    Untrusted Java Applets were able to drag and drop files to a desktop
    application. A user-assisted remote attacker could use this flaw to
    move or copy arbitrary files. (CVE-2007-5239)
    
    The Java Runtime Environment (JRE) allowed untrusted Java Applets or
    applications to display over-sized windows. This could be used by
    remote attackers to hide security warning banners. (CVE-2007-5240)
    
    Unsigned Java Applets communicating via a HTTP proxy could allow a
    remote attacker to violate the Java security model. A cached,
    malicious Applet could create network connections to services on other
    machines. (CVE-2007-5273)
    
    Please note: the vulnerabilities noted above concerned with applets
    can only be triggered in java-1.4.2-bea by calling the 'appletviewer'
    application.
    
    All users of java-1.4.2-bea should upgrade to these updated packages,
    which contain the BEA WebLogic JRockit 1.4.2_16 release which resolves
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5273"
      );
      # http://dev2dev.bea.com/pub/advisory/249
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?659e0990"
      );
      # http://dev2dev.bea.com/pub/advisory/248
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e16bf0b7"
      );
      # http://dev2dev.bea.com/pub/advisory/272
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7dd1a2b1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0100"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-missioncontrol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0100";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.16-1jpp.1.el3")) flag++;
    
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.16-1jpp.1.el3")) flag++;
    
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.16-1jpp.1.el3")) flag++;
    
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.16-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.16-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.16-1jpp.1.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.16-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-demo-1.4.2.16-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.16-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.16-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-src-1.4.2.16-1jpp.1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.4.2-bea / java-1.4.2-bea-demo / java-1.4.2-bea-devel / etc");
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_REL6.NASL
    descriptionThe remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user
    last seen2019-10-28
    modified2007-12-17
    plugin id29702
    published2007-12-17
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29702
    titleMac OS X : Java for Mac OS X 10.4 Release 6
    code
    #TRUSTED 4b9c0ad1a24c4115f7b7fff011d8e3264a484e45f31eb2f1e6c2ad4f1f2501d5974dc3e96b6a810cf6e83813c36e309d909fe1075f7760b90957d20fd6746a7953259e5100844ae499acb1d55cf802b13af93ac438a584db1414ff772b69258724293706f0797468e7ede5205d4821b57f9723c1552c569dd5ebefbedf77411f79f0557f75ec26475fd07728ff158025cdab53dab5b7cb5a4dc9b7372b55f78f8cabe36b918d4f86f4a7502580f78ebda9ec376091efdd701e911015ead821b7f8059e8b7d571665ec49738ddf13543b53cfc12cafcb9f9aa3a8750feadc829eea8bc4c70f0c7f2e1ae84669f207ef3f27dc2b109333dc4739a58e80f350bc335e78814793eb5f637e4371c5196bfc530510f94317ef7ffb8da4933841f97eff0d58df4bb1cf34cfa756eff4e024027b2a358bb21a82e5b2729e91d832f05c4bab539872dd89b67dc7bbb7646dcb3b17c1038a5c0297ed5dedf7f5bca73320abfddb36e3b0c498fba6ab90b2193811c4822b638aa06a4bb7d39a443ea29dde32c73fbc86461c9632d7baa8d5902b5101c7d1ed07f79acc36a5307223d43f1d40c7b2b9d76d8c3446970f53c56054cb37d7f08ee0db7ede4070c261792315d9cd5758fb3889a766076cfa13e27b0d7be9801e8ce854abf230989931b264c562c2ed590fb7dcae1d98e9677ce7c3ca7903b400dd393f9c6f255ba5f540d7ec8469
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(29702);
     script_version("1.18");
     script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
     script_cve_id(
      "CVE-2006-4339",
      "CVE-2006-6731",
      "CVE-2006-6736",
      "CVE-2006-6745",
      "CVE-2007-0243",
      "CVE-2007-2435",
      "CVE-2007-2788",
      "CVE-2007-2789",
      "CVE-2007-3503",
      "CVE-2007-3504",
      "CVE-2007-3655",
      "CVE-2007-3698",
      "CVE-2007-3922",
      "CVE-2007-4381",
      "CVE-2007-5232",
      "CVE-2007-5862"
     );
     script_bugtraq_id(
      21673,
      21674,
      21675,
      22085,
      24690,
      24695,
      24832,
      24846,
      25054,
      25340,
      25918,
      26877
     );
     script_xref(name:"EDB-ID", value:"30284");
    
     script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 6");
     script_summary(english:"Check for Java Release 6");
    
     script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
     script_set_attribute(attribute:"description", value:
    "The remote Mac OS X 10.4 host is running a version of Java for Mac OS
    X that is older than release 6.
    
    The remote version of this software contains several security
    vulnerabilities that may allow a rogue Java applet to escalate its
    privileges and to add or remove arbitrary items from the user's
    KeyChain.
    
    To exploit these flaws, an attacker would need to lure an attacker
    into executing a rogue Java applet.");
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307177");
     script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.4 release 6.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
     script_set_attribute(attribute:"exploit_framework_core", value:"true");
     script_cwe_id(310);
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05");
     script_set_attribute(attribute:"patch_publication_date", value:"2007/07/09");
     script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/17");
    
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
    
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    
    
    if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
      enable_ssh_wrappers();
    else disable_ssh_wrappers();
    
    function exec(cmd)
    {
     local_var ret, buf;
    
     if ( islocalhost() )
      buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
     else
     {
      ret = ssh_open_connection();
      if ( ! ret ) exit(0);
      buf = ssh_cmd(cmd:cmd);
      ssh_close_connection();
     }
    
     if ( buf !~ "^[0-9]" ) exit(0);
    
     buf = chomp(buf);
     return buf;
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # Mac OS X 10.4.10, 10.4.11 only
    if ( egrep(pattern:"Darwin.* 8\.(10|11)\.", string:uname) )
    {
     cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion");
     buf = exec(cmd:cmd);
     if ( ! strlen(buf) ) exit(0);
     array = split(buf, sep:'.', keep:FALSE);
     if ( int(array[0]) < 11 ||
         (int(array[0]) == 11 && int(array[1]) <= 7 ) )
     {
      cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"SourceVersion");
      buf = exec(cmd:cmd);
      if ( strlen(buf) && int(buf) < 1120000 ) security_hole(0);
     }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200706-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200706-08 (emul-linux-x86-java: Multiple vulnerabilities) Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an
    last seen2020-06-01
    modified2020-06-02
    plugin id25593
    published2007-06-27
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25593
    titleGLSA-200706-08 : emul-linux-x86-java: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200706-08.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25593);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-2435", "CVE-2007-2788", "CVE-2007-2789");
      script_xref(name:"GLSA", value:"200706-08");
    
      script_name(english:"GLSA-200706-08 : emul-linux-x86-java: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200706-08
    (emul-linux-x86-java: Multiple vulnerabilities)
    
        Chris Evans of the Google Security Team has discovered an integer
        overflow in the ICC parser, and another vulnerability in the BMP
        parser. An unspecified vulnerability involving an 'incorrect use of
        system classes' was reported by the Fujitsu security team.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted
        image, possibly resulting in the execution of arbitrary code with the
        privileges of the user running Emul-linux-x86-java. They also could
        entice a user to open a specially crafted BMP image, resulting in a
        Denial of Service. Note that these vulnerabilities may also be
        triggered by a tool processing image files automatically.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200706-08"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Emul-linux-x86-java users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.11'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.5.0.11", "rge 1.4.2.16", "rge 1.4.2.17", "rge 1.4.2.19"), vulnerable:make_list("lt 1.5.0.11"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emul-linux-x86-java");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1086.NASL
    descriptionUpdated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_15 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.4.2_15 and are certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.4.2_15 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the
    last seen2020-06-01
    modified2020-06-02
    plugin id63846
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63846
    titleRHEL 4 : java-1.4.2-bea (RHSA-2007:1086)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1086. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63846);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3698", "CVE-2007-4381");
      script_xref(name:"RHSA", value:"2007:1086");
    
      script_name(english:"RHEL 4 : java-1.4.2-bea (RHSA-2007:1086)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.4.2-bea packages that correct several security issues
    and add enhancements are now available for Red Hat Enterprise Linux 4
    Extras.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The BEA WebLogic JRockit 1.4.2_15 JRE and SDK contain BEA WebLogic
    JRockit Virtual Machine 1.4.2_15 and are certified for the Java 2
    Platform, Standard Edition, v1.4.2.
    
    A buffer overflow in the Java Runtime Environment image handling code
    was found. If an attacker is able to cause a server application to
    process a specially crafted image file, it may be possible to execute
    arbitrary code as the user running the Java Virtual Machine.
    (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004)
    
    A denial of service flaw was discovered in the Java Applet Viewer. An
    untrusted Java applet could cause the Java Virtual Machine to become
    unresponsive. Please note that the BEA WebLogic JRockit 1.4.2_15 does
    not ship with a browser plug-in and therefore this issue could only be
    triggered by a user running the 'appletviewer' application.
    (CVE-2007-3005)
    
    A denial of service flaw was found in the way the JSSE component
    processed SSL/TLS handshake requests. A remote attacker able to
    connect to a JSSE enabled service could send a specially crafted
    handshake which would cause the Java Runtime Environment to stop
    responding to future requests. (CVE-2007-3698)
    
    A flaw was found in the way the Java Runtime Environment processes
    font data. An applet viewed via the 'appletviewer' application could
    elevate its privileges, allowing the applet to perform actions with
    the same permissions as the user running the 'appletviewer'
    application. It may also be possible to crash a server application
    which processes untrusted font information from a third party.
    (CVE-2007-4381)
    
    All users of java-1.4.2-bea should upgrade to these updated packages,
    which contain the BEA WebLogic JRockit 1.4.2_15 release that resolves
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-2788.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-2789.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-3698.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2007-4381.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://dev2dev.bea.com/pub/advisory/249"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://dev2dev.bea.com/pub/advisory/248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2007-1086.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected java-1.4.2-bea, java-1.4.2-bea-devel and / or
    java-1.4.2-bea-jdbc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-jdbc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.15-1jpp.2.el4")) flag++;
    if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4")) flag++;
    if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4")) flag++;
    
    if (rpm_check(release:"RHEL4", sp:"6", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.15-1jpp.2.el4")) flag++;
    if (rpm_check(release:"RHEL4", sp:"6", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4")) flag++;
    if (rpm_check(release:"RHEL4", sp:"6", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idSUN_JAVA_JRE_102934_UNIX.NASL
    descriptionAccording to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly is affected by a buffer overflow in its image processing code as well as another issue that may cause the Java Virtual Machine to hang.
    last seen2020-06-01
    modified2020-06-02
    plugin id64821
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64821
    titleSun Java JRE Image Parsing Vulnerabilities (102934) (Unix)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200705-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200705-23 (Sun JDK/JRE: Multiple vulnerabilities) An unspecified vulnerability involving an
    last seen2020-06-01
    modified2020-06-02
    plugin id25382
    published2007-06-04
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25382
    titleGLSA-200705-23 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0956.NASL
    descriptionUpdated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.0_11 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_11 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw was found in the BEA Java Runtime Environment GIF image handling. If an application processes untrusted GIF image input, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-0243) A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.5.0_11 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the
    last seen2020-06-01
    modified2020-06-02
    plugin id40708
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40708
    titleRHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-SUN-3843.NASL
    descriptionThe Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs : CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
    last seen2020-06-01
    modified2020-06-02
    plugin id27276
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27276
    titleopenSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-3843)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-4544.NASL
    descriptionThe IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-2788 / CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005) A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. - A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. (CVE-2007-3655) - A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2007-3922) For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-01
    modified2020-06-02
    plugin id29475
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29475
    titleSuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 4544)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0524.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43837
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43837
    titleRHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0817.NASL
    descriptionUpdated java-1.4.2-ibm packages to correct a set of security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id40705
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40705
    titleRHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2007:0817)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200709-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200709-15 (BEA JRockit: Multiple vulnerabilities) An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Impact : A remote attacker could trigger the integer overflow to execute arbitrary code or crash the JVM through a specially crafted file. Also, an attacker could perform unauthorized actions via an applet that grants certain privileges to itself because of the font parsing vulnerability. The error when processing XSLT stylesheets can be exploited to execute arbitrary code. Other vulnerabilities could lead to establishing restricted network connections to certain services, Cross Site Scripting and Denial of Service attacks. Workaround : There is no known workaround at this time for all these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id26117
    published2007-09-25
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26117
    titleGLSA-200709-15 : BEA JRockit: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0829.NASL
    descriptionUpdated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id40706
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40706
    titleRHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0829)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-IBM-4542.NASL
    descriptionThe IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-2788 / CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005) A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. - A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. (CVE-2007-3655) - A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2007-3922) For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-01
    modified2020-06-02
    plugin id29470
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29470
    titleSuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542)
  • NASL familyWindows
    NASL idSUN_JAVA_JRE_102934.NASL
    descriptionAccording to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly is affected by a buffer overflow in its image processing code as well as another issue that may cause the Java Virtual Machine to hang.
    last seen2020-06-01
    modified2020-06-02
    plugin id25370
    published2007-06-02
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25370
    titleSun Java JRE Image Parsing Vulnerabilities (102934)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-SUN-3832.NASL
    descriptionThe Sun JAVA JDK 1.5.0 was upgraded to release 12 to fix various bugs, including the following security bugs : CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
    last seen2020-06-01
    modified2020-06-02
    plugin id27280
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27280
    titleopenSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-3832)

Oval

accepted2010-09-06T04:05:58.816-04:00
classvulnerability
contributors
nameAharon Chernin
organizationSCAP.com, LLC
descriptionMP file, such as /dev/tty.
familyunix
idoval:org.mitre.oval:def:10800
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
version7

Redhat

advisories
  • rhsa
    idRHSA-2007:0817
  • rhsa
    idRHSA-2007:0829
  • rhsa
    idRHSA-2007:0956
  • rhsa
    idRHSA-2007:1086
  • rhsa
    idRHSA-2008:0100
  • rhsa
    idRHSA-2008:0133
  • rhsa
    idRHSA-2008:0261
rpms
  • java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el3
  • java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.9-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.9-1jpp.1.el3
  • java-1.4.2-ibm-demo-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.9-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.9-1jpp.1.el3
  • java-1.4.2-ibm-devel-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.9-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.9-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.9-1jpp.1.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.9-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.9-1jpp.1.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.9-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.9-1jpp.1.el3
  • java-1.4.2-ibm-src-0:1.4.2.9-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.9-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-ibm-demo-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-ibm-devel-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-ibm-src-1:1.5.0.5-1jpp.0.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.5-1jpp.2.el4
  • java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5
  • java-1.5.0-bea-demo-0:1.5.0.11-1jpp.1.el5
  • java-1.5.0-bea-devel-0:1.5.0.11-1jpp.1.el5
  • java-1.5.0-bea-jdbc-0:1.5.0.11-1jpp.1.el5
  • java-1.5.0-bea-missioncontrol-0:1.5.0.11-1jpp.1.el5
  • java-1.5.0-bea-src-0:1.5.0.11-1jpp.1.el5
  • java-1.4.2-bea-0:1.4.2.15-1jpp.2.el4
  • java-1.4.2-bea-devel-0:1.4.2.15-1jpp.2.el4
  • java-1.4.2-bea-jdbc-0:1.4.2.15-1jpp.2.el4
  • java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3
  • java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5
  • java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5
  • java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3
  • java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5
  • java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3
  • java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5
  • java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5
  • java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh

References