Vulnerabilities > CVE-2007-5689 - Remote Privilege Escalation vulnerability in SUN Jdk, JRE and SDK

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
critical
nessus

Summary

The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-20 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs. The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274). Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). Giorgio Maone discovered that warnings for untrusted code can be hidden under applications
    last seen2020-06-01
    modified2020-06-02
    plugin id32013
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32013
    titleGLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200804-20.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32013);
      script_version("1.29");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-2435", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3655", "CVE-2007-5232", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2007-5689", "CVE-2008-0628", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
      script_xref(name:"GLSA", value:"200804-20");
    
      script_name(english:"GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200804-20
    (Sun JDK/JRE: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Sun Java:
        Daniel Soeder discovered that a long codebase attribute string in a
        JNLP file will overflow a stack variable when launched by Java WebStart
        (CVE-2007-3655).
        Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788,
        CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA
        200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the
        initial revision of said GLSAs.
        The Zero Day Initiative, TippingPoint and John Heasman reported
        multiple buffer overflows and unspecified vulnerabilities in Java Web
        Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,
        CVE-2008-1191).
        Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue
        when performing XSLT transformations (CVE-2008-1187).
        CERT/CC reported a Stack-based buffer overflow in Java Web Start
        when using JNLP files (CVE-2008-1196).
        Azul Systems reported an unspecified vulnerability that allows
        applets to escalate their privileges (CVE-2007-5689).
        Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
        Weidong Shao, and David Byrne discovered multiple instances where Java
        applets or JavaScript programs run within browsers do not pin DNS
        hostnames to a single IP address, allowing for DNS rebinding attacks
        (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).
        Peter Csepely reported that Java Web Start does not properly
        enforce access restrictions for untrusted applications (CVE-2007-5237,
        CVE-2007-5238).
        Java Web Start does not properly enforce access restrictions for
        untrusted Java applications and applets, when handling drag-and-drop
        operations (CVE-2007-5239).
        Giorgio Maone discovered that warnings for untrusted code can be
        hidden under applications' windows (CVE-2007-5240).
        Fujitsu reported two security issues where security restrictions of
        web applets and applications were not properly enforced (CVE-2008-1185,
        CVE-2008-1186).
        John Heasman of NGSSoftware discovered that the Java Plug-in does
        not properly enforce the same origin policy (CVE-2008-1192).
        Chris Evans of the Google Security Team discovered multiple
        unspecified vulnerabilities within the Java Runtime Environment Image
        Parsing Library (CVE-2008-1193, CVE-2008-1194).
        Gregory Fleischer reported that web content fetched via the 'jar:'
        protocol was not subject to network access restrictions
        (CVE-2008-1195).
        Chris Evans and Johannes Henkel of the Google Security Team
        reported that the XML parsing code retrieves external entities even
        when that feature is disabled (CVE-2008-0628).
        Multiple unspecified vulnerabilities might allow for escalation of
        privileges (CVE-2008-0657).
      
    Impact :
    
        A remote attacker could entice a user to run a specially crafted applet
        on a website or start an application in Java Web Start to execute
        arbitrary code outside of the Java sandbox and of the Java security
        restrictions with the privileges of the user running Java. The attacker
        could also obtain sensitive information, create, modify, rename and
        read local files, execute local applications, establish connections in
        the local network, bypass the same origin policy, and cause a Denial of
        Service via multiple vectors.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200705-23"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200706-08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200804-20"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Sun JRE 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.05'
        All Sun JRE 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.15'
        All Sun JRE 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.17'
        All Sun JDK 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.05'
        All Sun JDK 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.15'
        All Sun JDK 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.17'
        All emul-linux-x86-java 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.05'
        All emul-linux-x86-java 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.15'
        All emul-linux-x86-java 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.4.2.17'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/sun-jre-bin", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    if (qpkg_check(package:"dev-java/sun-jdk", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Sun JDK/JRE");
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-00010.NASL
    descriptionUpdated ESX patches and VirtualCenter update 2 fix the following application vulnerabilities. a. Tomcat Server Security Update This release of ESX updates the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update This release of ESX and VirtualCenter updates the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15. Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
    last seen2017-10-29
    modified2012-04-26
    plugin id40371
    published2009-07-27
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=40371
    titleVMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated by vmware_VMSA-2008-0010.nasl.
    #
    # Disabled on 2011/09/19.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text of this plugin is (C) VMware Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(40371);
      script_version("1.13");
      script_cvs_date("Date: 2018/08/15 16:35:43");
    
      script_cve_id("CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5274", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5689", "CVE-2007-6286", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
    
      script_name(english:"VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)");
      script_summary(english:"Looks for patch(es) in esxupdate output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value: 
    "The remote VMware host is missing one or more security-related 
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ESX patches and VirtualCenter update 2 fix the following
    application vulnerabilities.
    
    a. Tomcat Server Security Update
    
    This release of ESX updates the Tomcat Server package to version
    5.5.26, which addresses multiple security issues that existed
    in earlier releases of Tomcat Server.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,
    CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26.
    
    b. JRE Security Update
    
    This release of ESX and VirtualCenter updates the JRE package
    to version 1.5.0_15, which addresses multiple security issues
    that existed in earlier releases of JRE.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187,
    CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191,
    CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195,
    CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232,
    CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239,
    CVE-2007-5240, CVE-2007-5274 to the security issues fixed in
    JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
    
    Notes: These vulnerabilities can be exploited remotely only if the
    attacker has access to the service console network.
    Security best practices provided by VMware recommend that the
    service console be isolated from the VM network. Please see
    http://www.vmware.com/resources/techresources/726 for more
    information on VMware security best practices."
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.vmware.com/pipermail/security-announce/2008/000031.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patch(es).");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:vmware");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/version");
    
      exit(0);
    }
    
    # Deprecated.
    exit(0, "This plugin has been deprecated. Refer to plugin #40379 (vmware_VMSA-2008-0010.nasl) instead.");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0010.NASL
    descriptionESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update The ESX patches and the updates for VirtualCenter update the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
    last seen2020-06-01
    modified2020-06-02
    plugin id40379
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40379
    titleVMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2008-0010. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40379);
      script_version("1.23");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5274", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5689", "CVE-2007-6286", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196", "CVE-2008-4294");
      script_bugtraq_id(25918, 25920, 26070, 27006, 27650, 27706, 28083, 28125);
      script_xref(name:"VMSA", value:"2008-0010");
    
      script_name(english:"VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter");
      script_summary(english:"Checks esxupdate output for the patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote VMware ESX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ESX patches and updates for VirtualCenter fix the following
    application vulnerabilities.
    
     a. Tomcat Server Security Update
    
    The ESX patches and the updates for VirtualCenter update the
    Tomcat Server package to version 5.5.26, which addresses multiple
    security issues that existed in earlier releases of Tomcat Server.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,
    CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26.
    
     b. JRE Security Update
    
    The ESX patches and the updates for VirtualCenter update the JRE
    package to version 1.5.0_15, which addresses multiple security
    issues that existed in earlier releases of JRE.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187,
    CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191,
    CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195,
    CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232,
    CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239,
    CVE-2007-5240, CVE-2007-5274 to the security issues fixed in
    JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2008/000031.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22, 119, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2008-06-16");
    flag = 0;
    
    
    if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004823")) flag++;
    
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006360")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.0.3",
        patch         : "ESX303-200808407-SG",
        patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200806404-SG",
        patch_updates : make_list("ESX350-201003403-SG", "ESX350-201203401-SG", "ESX350-Update02", "ESX350-Update03", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0963.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238) Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274) In Red Hat Enterprise Linux a Java Web Start application requesting elevated permissions is only started automatically when signed with a trusted code signing certificate and otherwise requires user confirmation to access privileged resources. All users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 13 that corrects these issues. Please note that during our quality testing we discovered that the Java browser plug-in may not function perfectly when visiting some sites that make use of multiple applets on a single HTML page. We have verified that this issue is not due to our packaging and affects Sun Java 1.5.0 Update 13.
    last seen2020-06-01
    modified2020-06-02
    plugin id40709
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40709
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0963. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40709);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2007-5232", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2007-5689");
      script_bugtraq_id(25918, 25920);
      script_xref(name:"RHSA", value:"2007:0963");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-sun packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Java Runtime Environment (JRE) contains the software and tools
    that users need to run applets and applications written using the Java
    programming language.
    
    A flaw in the applet caching mechanism of the Java Runtime Environment
    (JRE) did not correctly process the creation of network connections. A
    remote attacker could use this flaw to create connections to services
    on machines other than the one that the applet was downloaded from.
    (CVE-2007-5232)
    
    Multiple vulnerabilities existed in Java Web Start allowing an
    untrusted application to determine the location of the Java Web Start
    cache. (CVE-2007-5238)
    
    Untrusted Java Web Start Applications or Java Applets were able to
    drag and drop a file to a Desktop Application. A user-assisted remote
    attacker could use this flaw to move or copy arbitrary files.
    (CVE-2007-5239)
    
    The Java Runtime Environment (JRE) allowed untrusted Java Applets or
    applications to display oversized Windows. This could be used by
    remote attackers to hide security warning banners. (CVE-2007-5240)
    
    Unsigned Java Applets communicating via a HTTP proxy could allow a
    remote attacker to violate the Java security model. A cached,
    malicious Applet could create network connections to services on other
    machines. (CVE-2007-5273)
    
    Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed
    remote attackers to violate the Java security model. A cached,
    malicious Applet could create network connections to services on other
    machines. (CVE-2007-5274)
    
    In Red Hat Enterprise Linux a Java Web Start application requesting
    elevated permissions is only started automatically when signed with a
    trusted code signing certificate and otherwise requires user
    confirmation to access privileged resources.
    
    All users of java-sun-1.5.0 should upgrade to these packages, which
    contain Sun Java 1.5.0 Update 13 that corrects these issues.
    
    Please note that during our quality testing we discovered that the
    Java browser plug-in may not function perfectly when visiting some
    sites that make use of multiple applets on a single HTML page. We have
    verified that this issue is not due to our packaging and affects Sun
    Java 1.5.0 Update 13."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5273"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0963"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0963";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.13-1jpp.1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc");
      }
    }
    
  • NASL familyMisc.
    NASL idSUN_JAVA_JRE_103079_UNIX.NASL
    descriptionAccording to its version number, the Sun Java Runtime Environment (JRE) and/or Web Start installed on the remote host is reportedly affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id64824
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64824
    titleSun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64824);
      script_version("1.8");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2007-5232",
        "CVE-2007-5236",
        "CVE-2007-5237",
        "CVE-2007-5238",
        "CVE-2007-5239",
        "CVE-2007-5240",
        "CVE-2007-5273",
        "CVE-2007-5274",
        "CVE-2007-5689"
      );
      script_bugtraq_id(25918, 25920, 26185);
    
      script_name(english:"Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)");
      script_summary(english:"Checks version of Sun JRE");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Unix host has an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the Sun Java Runtime Environment (JRE)
    and/or Web Start installed on the remote host is reportedly affected by
    several issues that could be abused to move / copy local files, read or
    write local files, circumvent network access restrictions, or elevate
    privileges.");
      script_set_attribute(attribute:"see_also", value:"http://conference.hitb.org/hitbsecconf2007kl/?page_id=148");
      # http://web.archive.org/web/20080129213300/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d88f8c90");
      # http://web.archive.org/web/20080129213305/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3744db68");
      # http://web.archive.org/web/20080622195736/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dd067e0");
      # http://web.archive.org/web/20080609024942/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1cbab94e");
      # http://web.archive.org/web/20071027024719/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?811a9446");
      script_set_attribute(attribute:"solution", value:
    "Update to Sun JDK and JRE 6 Update 3 / JDK and JRE 5.0 Update 13 / SDK
    and JRE 1.4.2_16 / SDK and JRE 1.3.1_21 or later and remove, if
    necessary, any other affected versions.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-5689");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed_unix.nasl");
      script_require_keys("Host/Java/JRE/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
      installed_versions = installed_versions + " & " + ver;
      if (
        ver =~ "^1\.6\.0_0[0-2][^0-9]?" ||
        ver =~ "^1\.5\.0_(0[0-9]|1[0-2])[^0-9]?" ||
        ver =~ "^1\.4\.([01]_|2_(0[0-9]|1[0-5][^0-9]?))" ||
        ver =~ "^1\.3\.(0_|1_([01][0-9]|20[^0-9]?))"
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_03 / 1.5.0_13 / 1.4.2_16 / 1.3.1_21\n';
      }
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    
    }
    
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
    
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    
  • NASL familyWindows
    NASL idSUN_JAVA_JRE_103079.NASL
    descriptionAccording to its version number, the Sun Java Runtime Environment (JRE) and/or Web Start installed on the remote host reportedly is affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id26923
    published2007-10-05
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26923
    titleSun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26923);
      script_version("1.27");
      script_cvs_date("Date: 2018/08/03 11:35:09");
    
      script_cve_id("CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5237", 
                    "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", 
                    "CVE-2007-5273", "CVE-2007-5274", "CVE-2007-5689");
      script_bugtraq_id(25918, 25920, 26185);
    
      script_name(english:"Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)");
      script_summary(english:"Checks version of Sun JRE"); 
     
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has an application that is affected by
    multiple vulnerabilities." );
      script_set_attribute(attribute:"description", value:
    "According to its version number, the Sun Java Runtime Environment
    (JRE) and/or Web Start installed on the remote host reportedly is
    affected by several issues that could be abused to move / copy local
    files, read or write local files, circumvent network access
    restrictions, or elevate privileges." );
      script_set_attribute(attribute:"see_also", value:"http://conference.hitb.org/hitbsecconf2007kl/?page_id=148" );
      # http://web.archive.org/web/20080129213300/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d88f8c90");
      # http://web.archive.org/web/20080129213305/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3744db68");
      # http://web.archive.org/web/20080622195736/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dd067e0");
      # http://web.archive.org/web/20080609024942/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1cbab94e");
      # http://web.archive.org/web/20071027024719/http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?811a9446");
      script_set_attribute(attribute:"solution", value:
    "Update to Sun JDK and JRE 6 Update 3 / JDK and JRE 5.0 Update 13 / SDK
    and JRE 1.4.2_16 / SDK and JRE 1.3.1_21 or later and remove if
    necessary any other affected versions." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
      script_set_attribute(attribute:"plugin_publication_date", value: "2007/10/05");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/04");
      script_set_attribute(attribute:"patch_publication_date", value: "2007/10/03");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    # Check each installed JRE.
    installs = get_kb_list("SMB/Java/JRE/*");
    if (isnull(installs)) exit(1, "The 'SMB/Java/JRE/' KB item is missing.");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver =~ "^[0-9.]+")
        installed_versions = installed_versions + " & " + ver;
      if (
        ver =~ "^1\.6\.0_0[0-2][^0-9]?" ||
        ver =~ "^1\.5\.0_(0[0-9]|1[0-2])[^0-9]?" ||
        ver =~ "^1\.4\.([01]_|2_(0[0-9]|1[0-5][^0-9]?))" ||
        ver =~ "^1\.3\.(0_|1_([01][0-9]|20[^0-9]?))"
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_03 / 1.5.0_13 / 1.4.2_16 / 1.3.1_21\n';
      }
    }
    
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
    
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
    

Oval

accepted2010-09-06T04:15:57.522-04:00
classvulnerability
contributors
nameAharon Chernin
organizationSCAP.com, LLC
descriptionThe Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
familyunix
idoval:org.mitre.oval:def:9898
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
version6

Redhat

rpms
  • java-1.5.0-sun-0:1.5.0.13-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.13-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.13-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.13-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.13-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.13-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.13-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.13-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.13-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.13-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.13-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.13-1jpp.1.el5