Vulnerabilities > CVE-2008-1194 - Unspecified vulnerability in SUN JDK and JRE

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
sun
nessus

Summary

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Sun
38

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-20 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs. The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274). Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). Giorgio Maone discovered that warnings for untrusted code can be hidden under applications
    last seen2020-06-01
    modified2020-06-02
    plugin id32013
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32013
    titleGLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200804-20.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32013);
      script_version("1.29");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-2435", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3655", "CVE-2007-5232", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2007-5689", "CVE-2008-0628", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
      script_xref(name:"GLSA", value:"200804-20");
    
      script_name(english:"GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200804-20
    (Sun JDK/JRE: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Sun Java:
        Daniel Soeder discovered that a long codebase attribute string in a
        JNLP file will overflow a stack variable when launched by Java WebStart
        (CVE-2007-3655).
        Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788,
        CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA
        200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the
        initial revision of said GLSAs.
        The Zero Day Initiative, TippingPoint and John Heasman reported
        multiple buffer overflows and unspecified vulnerabilities in Java Web
        Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,
        CVE-2008-1191).
        Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue
        when performing XSLT transformations (CVE-2008-1187).
        CERT/CC reported a Stack-based buffer overflow in Java Web Start
        when using JNLP files (CVE-2008-1196).
        Azul Systems reported an unspecified vulnerability that allows
        applets to escalate their privileges (CVE-2007-5689).
        Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
        Weidong Shao, and David Byrne discovered multiple instances where Java
        applets or JavaScript programs run within browsers do not pin DNS
        hostnames to a single IP address, allowing for DNS rebinding attacks
        (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274).
        Peter Csepely reported that Java Web Start does not properly
        enforce access restrictions for untrusted applications (CVE-2007-5237,
        CVE-2007-5238).
        Java Web Start does not properly enforce access restrictions for
        untrusted Java applications and applets, when handling drag-and-drop
        operations (CVE-2007-5239).
        Giorgio Maone discovered that warnings for untrusted code can be
        hidden under applications' windows (CVE-2007-5240).
        Fujitsu reported two security issues where security restrictions of
        web applets and applications were not properly enforced (CVE-2008-1185,
        CVE-2008-1186).
        John Heasman of NGSSoftware discovered that the Java Plug-in does
        not properly enforce the same origin policy (CVE-2008-1192).
        Chris Evans of the Google Security Team discovered multiple
        unspecified vulnerabilities within the Java Runtime Environment Image
        Parsing Library (CVE-2008-1193, CVE-2008-1194).
        Gregory Fleischer reported that web content fetched via the 'jar:'
        protocol was not subject to network access restrictions
        (CVE-2008-1195).
        Chris Evans and Johannes Henkel of the Google Security Team
        reported that the XML parsing code retrieves external entities even
        when that feature is disabled (CVE-2008-0628).
        Multiple unspecified vulnerabilities might allow for escalation of
        privileges (CVE-2008-0657).
      
    Impact :
    
        A remote attacker could entice a user to run a specially crafted applet
        on a website or start an application in Java Web Start to execute
        arbitrary code outside of the Java sandbox and of the Java security
        restrictions with the privileges of the user running Java. The attacker
        could also obtain sensitive information, create, modify, rename and
        read local files, execute local applications, establish connections in
        the local network, bypass the same origin policy, and cause a Denial of
        Service via multiple vectors.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200705-23"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200706-08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200804-20"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Sun JRE 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.05'
        All Sun JRE 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.15'
        All Sun JRE 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.17'
        All Sun JDK 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.05'
        All Sun JDK 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.15'
        All Sun JDK 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.17'
        All emul-linux-x86-java 1.6 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.05'
        All emul-linux-x86-java 1.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.15'
        All emul-linux-x86-java 1.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.4.2.17'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:emul-linux-x86-java");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sun-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/sun-jre-bin", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    if (qpkg_check(package:"app-emulation/emul-linux-x86-java", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    if (qpkg_check(package:"dev-java/sun-jdk", unaffected:make_list("ge 1.6.0.05", "rge 1.5.0.21", "rge 1.5.0.20", "rge 1.5.0.19", "rge 1.5.0.18", "rge 1.5.0.17", "rge 1.5.0.16", "rge 1.5.0.15", "rge 1.4.2.17", "rge 1.5.0.22"), vulnerable:make_list("lt 1.6.0.05"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Sun JDK/JRE");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0244.NASL
    descriptionUpdated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14, and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The vulnerabilities concerning applets listed above can only be triggered in java-1.5.0-bea, by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id40721
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40721
    titleRHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0244)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0244. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40721);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-1187", "CVE-2008-1193", "CVE-2008-1194");
      script_bugtraq_id(28083, 28125);
      script_xref(name:"RHSA", value:"2008:0244");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0244)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-bea packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic
    JRockit Virtual Machine 1.5.0_14, and are certified for the Java 5
    Platform, Standard Edition, v1.5.0.
    
    A flaw was found in the Java XSLT processing classes. An untrusted
    application or applet could cause a denial of service, or execute
    arbitrary code with the permissions of the user running the JRE.
    (CVE-2008-1187)
    
    A flaw was found in the JRE image parsing libraries. An untrusted
    application or applet could cause a denial of service, or possibly
    execute arbitrary code with the permissions of the user running the
    JRE. (CVE-2008-1193)
    
    A flaw was found in the JRE color management library. An untrusted
    application or applet could trigger a denial of service (JVM crash).
    (CVE-2008-1194)
    
    The vulnerabilities concerning applets listed above can only be
    triggered in java-1.5.0-bea, by calling the 'appletviewer'
    application.
    
    Users of java-1.5.0-bea are advised to upgrade to these updated
    packages, which resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1194"
      );
      # http://dev2dev.bea.com/pub/advisory/277
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7cd88e8d"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0244"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-missioncontrol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-bea-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0244";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-bea-src-1.5.0.14-1jpp.2.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-bea / java-1.5.0-bea-demo / java-1.5.0-bea-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0245.NASL
    descriptionUpdated java-1.6.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform, Standard Edition, v1.6.0. The Java XML parsing code processed external entity references even when the
    last seen2020-06-01
    modified2020-06-02
    plugin id63852
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63852
    titleRHEL 5 : java-1.6.0-bea (RHSA-2008:0245)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0245. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63852);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-0628", "CVE-2008-1187", "CVE-2008-1193", "CVE-2008-1194");
      script_xref(name:"RHSA", value:"2008:0245");
    
      script_name(english:"RHEL 5 : java-1.6.0-bea (RHSA-2008:0245)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-bea packages that correct several security issues
    are now available for Red Hat Enterprise Linux 5 Supplementary.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic
    JRockit Virtual Machine 1.6.0_03, and are certified for the Java 6
    Platform, Standard Edition, v1.6.0.
    
    The Java XML parsing code processed external entity references even
    when the 'external general entities' property was set to 'FALSE'. This
    allowed remote attackers to conduct XML External Entity (XXE) attacks,
    possibly causing a denial of service, or gaining access to restricted
    resources. (CVE-2008-0628)
    
    A flaw was found in the Java XSLT processing classes. An untrusted
    application or applet could cause a denial of service, or execute
    arbitrary code with the permissions of the user running the JRE.
    (CVE-2008-1187)
    
    A flaw was found in the JRE image parsing libraries. An untrusted
    application or applet could cause a denial of service, or possible
    execute arbitrary code with the permissions of the user running the
    JRE. (CVE-2008-1193)
    
    A flaw was found in the JRE color management library. An untrusted
    application or applet could trigger a denial of service (JVM crash).
    (CVE-2008-1194)
    
    The vulnerabilities concerning applets listed above can only be
    triggered in java-1.6.0-bea, by calling the 'appletviewer'
    application.
    
    Users of java-1.6.0-bea are advised to upgrade to these updated
    packages, which resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1194"
      );
      # http://dev2dev.bea.com/pub/advisory/277
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7cd88e8d"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0245"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea-missioncontrol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-bea-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0245";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-demo-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-demo-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-devel-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-devel-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-jdbc-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-jdbc-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-missioncontrol-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-missioncontrol-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.6.0-bea-src-1.6.0.03-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-bea-src-1.6.0.03-1jpp.2.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-bea / java-1.6.0-bea-demo / java-1.6.0-bea-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-5183.NASL
    descriptionIBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1193) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-0657) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381)
    last seen2020-06-01
    modified2020-06-02
    plugin id32050
    published2008-04-25
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32050
    titleSuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32050);
      script_version ("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2008-0657", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
    
      script_name(english:"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "IBM Java 5 was updated to SR7 to fix various security issues :
    
      - A buffer overflow vulnerability in Java Web Start may
        allow an untrusted Java Web Start application that is
        downloaded from a website to elevate its privileges. For
        example, an untrusted Java Web Start application may
        grant itself permissions to read and write local files
        or execute local applications that are accessible to the
        user running the untrusted application. (CVE-2008-1196)
    
      - A vulnerability in the Java Runtime Environment may
        allow JavaScript(TM) code that is downloaded by a
        browser to make connections to network services on the
        system that the browser runs on, through Java APIs, This
        may allow files (that are accessible through these
        network services) or vulnerabilities (that exist on
        these network services) which are not otherwise normally
        accessible to be accessed or exploited. (CVE-2008-1195)
    
      - Two buffer overflow vulnerabilities may allow an
        untrusted applet or application to cause the Java
        Runtime Environment to crash. (CVE-2008-1194)
    
      - A buffer overflow vulnerability in the Java Runtime
        Environment image parsing code may allow an untrusted
        applet or application to create a denial-of-service
        condition, by causing the Java Runtime Environment to
        crash. (CVE-2008-1194)
    
      - A buffer overflow vulnerability in the Java Runtime
        Environment image parsing code allow an untrusted applet
        or application to elevate its privileges. For example,
        an application may grant itself permissions to read and
        write local files or execute local applications that are
        accessible to the user running the untrusted
        application. (CVE-2008-1193)
    
      - A vulnerability in the Java Plug-in may an untrusted
        applet to bypass same origin policy and leverage this
        flaw to execute local applications that are accessible
        to the user running the untrusted applet.
        (CVE-2008-1192)
    
      - A vulnerability in Java Web Start may allow an untrusted
        Java Web Start application to elevate its privileges.
        For example, an application may grant itself permissions
        to read and write local files or execute local
        applications that are accessible to the user running the
        untrusted application. (CVE-2008-1190)
    
      - A buffer overflow vulnerability in the Java Runtime
        Environment may allow an untrusted applet or application
        to elevate its privileges. For example, an applet may
        grant itself permissions to read and write local files
        or execute local applications that are accessible to the
        user running the untrusted applet. (CVE-2008-1189)
    
      - Two buffer overflow vulnerabilities in Java Web Start
        may independently allow an untrusted Java Web Start
        application to elevate its privileges. For example, an
        untrusted Java Web Start application may grant itself
        permissions to read and write local files or execute
        local applications that are accessible to the user
        running the untrusted application. (CVE-2008-1188)
    
      - A vulnerability in the Java Runtime Environment with
        parsing XML data may allow an untrusted applet or
        application to elevate its privileges. For example, an
        applet may read certain URL resources (such as some
        files and web pages). (CVE-2008-1187)
    
      - A vulnerability in the Java Runtime Environment may
        allow an untrusted application or applet that is
        downloaded from a website to elevate its privileges. For
        example, the application or applet may grant itself
        permissions to read and write local files or execute
        local applications that are accessible to the user
        running the untrusted application or applet.
        (CVE-2008-0657)
    
      - A vulnerability in the Java Runtime Environment (JRE)
        with applet caching may allow an untrusted applet that
        is downloaded from a malicious website to make network
        connections to network services on machines other than
        the one that the applet was downloaded from. This may
        allow network resources (such as web pages) and
        vulnerabilities (that exist on these network services)
        which are not otherwise normally accessible to be
        accessed or exploited. (CVE-2007-5232)
    
      - A vulnerability in the Java Runtime Environment (JRE)
        may allow malicious JavaScript code that is downloaded
        by a browser from a malicious website to make network
        connections, through Java APIs, to network services on
        machines other than the one that the JavaScript code was
        downloaded from. This may allow network resources (such
        as web pages) and vulnerabilities (that exist on these
        network services) which are not otherwise normally
        accessible to be accessed or exploited. (CVE-2007-5274)
    
      - A second vulnerability in the JRE may allow an untrusted
        applet that is downloaded from a malicious website
        through a web proxy to make network connections to
        network services on machines other than the one that the
        applet was downloaded from. This may allow network
        resources (such as web pages) and vulnerabilities (that
        exist on these network services) which are not otherwise
        normally accessible to be accessed or exploited.
        (CVE-2007-5273)
    
      - An untrusted Java Web Start application may write
        arbitrary files with the privileges of the user running
        the application. (CVE-2007-5236)
    
      - Three separate vulnerabilities may allow an untrusted
        Java Web Start application to determine the location of
        the Java Web Start cache. (CVE-2007-5238)
    
      - An untrusted Java Web Start application or Java applet
        may move or copy arbitrary files by requesting the user
        of the application or applet to drag and drop a file
        from the Java Web Start application or Java applet
        window. (CVE-2007-5239)
    
      - An untrusted applet may display an over-sized window so
        that the applet warning banner is not visible to the
        user running the untrusted applet. (CVE-2007-5240)
    
      - A vulnerability in the font parsing code in the Java
        Runtime Environment may allow an untrusted applet to
        elevate its privileges. For example, an applet may grant
        itself permissions to read and write local files or
        execute local applications that are accessible to the
        user running the untrusted applet. (CVE-2007-4381)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-4381.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5236.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5238.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5239.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5240.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5273.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5274.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-0657.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1187.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1188.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1189.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1190.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1192.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1193.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1194.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1195.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1196.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5183.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-demo-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-src-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-fonts-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0267.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id63854
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63854
    titleRHEL 5 : java-1.6.0-ibm (RHSA-2008:0267)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0267. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63854);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
      script_bugtraq_id(28083);
      script_xref(name:"RHSA", value:"2008:0267");
    
      script_name(english:"RHEL 5 : java-1.6.0-ibm (RHSA-2008:0267)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 5 Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environment,
    and the IBM Java 2 Software Development Kit.
    
    A flaw was found in the Java XSLT processing classes. An untrusted
    application or applet could cause a denial of service, or execute
    arbitrary code with the permissions of the user running the JRE.
    (CVE-2008-1187)
    
    Several buffer overflow flaws were found in Java Web Start (JWS). An
    untrusted JNLP application could access local files, or execute local
    applications accessible to the user running the JRE. (CVE-2008-1188,
    CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)
    
    A flaw was found in the Java plug-in. A remote attacker could bypass
    the same origin policy, executing arbitrary code with the permissions
    of the user running the JRE. (CVE-2008-1192)
    
    A flaw was found in the JRE image parsing libraries. An untrusted
    application or applet could cause a denial of service, or possibly
    execute arbitrary code with the permissions of the user running the
    JRE. (CVE-2008-1193)
    
    A flaw was found in the JRE color management library. An untrusted
    application or applet could trigger a denial of service (JVM crash).
    (CVE-2008-1194)
    
    The JRE allowed untrusted JavaScript code to create local network
    connections by the use of Java APIs. A remote attacker could use these
    flaws to access local network services. (CVE-2008-1195)
    
    All users of java-1.6.0-ibm are advised to upgrade to these updated
    packages, that contain IBM's 1.6.0 SR1 Java release, which resolves
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1196"
      );
      # http://www-128.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.ibm.com/us-en/?ar=1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0267"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0267";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc");
      }
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-00010.NASL
    descriptionUpdated ESX patches and VirtualCenter update 2 fix the following application vulnerabilities. a. Tomcat Server Security Update This release of ESX updates the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update This release of ESX and VirtualCenter updates the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15. Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
    last seen2017-10-29
    modified2012-04-26
    plugin id40371
    published2009-07-27
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=40371
    titleVMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated by vmware_VMSA-2008-0010.nasl.
    #
    # Disabled on 2011/09/19.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text of this plugin is (C) VMware Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    if (!defined_func("bn_random")) exit(0);
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(40371);
      script_version("1.13");
      script_cvs_date("Date: 2018/08/15 16:35:43");
    
      script_cve_id("CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5274", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5689", "CVE-2007-6286", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
    
      script_name(english:"VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)");
      script_summary(english:"Looks for patch(es) in esxupdate output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value: 
    "The remote VMware host is missing one or more security-related 
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ESX patches and VirtualCenter update 2 fix the following
    application vulnerabilities.
    
    a. Tomcat Server Security Update
    
    This release of ESX updates the Tomcat Server package to version
    5.5.26, which addresses multiple security issues that existed
    in earlier releases of Tomcat Server.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,
    CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26.
    
    b. JRE Security Update
    
    This release of ESX and VirtualCenter updates the JRE package
    to version 1.5.0_15, which addresses multiple security issues
    that existed in earlier releases of JRE.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187,
    CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191,
    CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195,
    CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232,
    CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239,
    CVE-2007-5240, CVE-2007-5274 to the security issues fixed in
    JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
    
    Notes: These vulnerabilities can be exploited remotely only if the
    attacker has access to the service console network.
    Security best practices provided by VMware recommend that the
    service console be isolated from the VM network. Please see
    http://www.vmware.com/resources/techresources/726 for more
    information on VMware security best practices."
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.vmware.com/pipermail/security-announce/2008/000031.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patch(es).");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:vmware");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/version");
    
      exit(0);
    }
    
    # Deprecated.
    exit(0, "This plugin has been deprecated. Refer to plugin #40379 (vmware_VMSA-2008-0010.nasl) instead.");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0010.NASL
    descriptionESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update The ESX patches and the updates for VirtualCenter update the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
    last seen2020-06-01
    modified2020-06-02
    plugin id40379
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40379
    titleVMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2008-0010. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40379);
      script_version("1.23");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5237", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5274", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5689", "CVE-2007-6286", "CVE-2008-0657", "CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196", "CVE-2008-4294");
      script_bugtraq_id(25918, 25920, 26070, 27006, 27650, 27706, 28083, 28125);
      script_xref(name:"VMSA", value:"2008-0010");
    
      script_name(english:"VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter");
      script_summary(english:"Checks esxupdate output for the patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote VMware ESX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ESX patches and updates for VirtualCenter fix the following
    application vulnerabilities.
    
     a. Tomcat Server Security Update
    
    The ESX patches and the updates for VirtualCenter update the
    Tomcat Server package to version 5.5.26, which addresses multiple
    security issues that existed in earlier releases of Tomcat Server.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,
    CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26.
    
     b. JRE Security Update
    
    The ESX patches and the updates for VirtualCenter update the JRE
    package to version 1.5.0_15, which addresses multiple security
    issues that existed in earlier releases of JRE.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187,
    CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191,
    CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195,
    CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232,
    CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239,
    CVE-2007-5240, CVE-2007-5274 to the security issues fixed in
    JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2008/000031.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22, 119, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2008-06-16");
    flag = 0;
    
    
    if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1004823")) flag++;
    
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006360")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.0.3",
        patch         : "ESX303-200808407-SG",
        patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200806404-SG",
        patch_updates : make_list("ESX350-201003403-SG", "ESX350-201203401-SG", "ESX350-Update02", "ESX350-Update03", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_5_UPDATE2.NASL
    descriptionThe remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
    last seen2020-03-18
    modified2008-09-25
    plugin id34290
    published2008-09-25
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34290
    titleMac OS X : Java for Mac OS X 10.5 Update 2
    code
    #TRUSTED 260d6fc807ef38ed913cf628160f87535d590e2410b3584adc6d1ce0b8381bb0cf98f4afc92ab9057a03a59c8e07be556856c43a4b41773b7f4d94a567f289f998ec396984d2ac6b5c27f4e456c4d230ba17a3be7a57b730f7993244c9680636ed632118af835c921b4622280846a66965162dfdec583851a6771cd3f7dc479239973797920cface5f8ca76ae86c30c7155c0543e2cc0af3bdaefa5d3d3df57df95216de23f375079d3adea9c258d3c2ffc7e3391860fee202ab5729eead43d5de63c2c73f2cc6ce30b903dad1f8f903eabf631c7702d86501d2d5c4ad9b7bf810aefd5cf34242be3288df1723eb1046914cc56b768ffd9ebde101a5381a0b79a1f3ffcda397b88de8edd80b21dc1059e149a20c927f17e3e557dd1cee069f0e090fcfd05c068d52add2d3da1c5be78383e5c7e81f9b08342dd81728646021d04667aa8088c68826bea9e8e40c78d5c4cec644c8832fc7385878b79618f8d6b3cfb2e6f9a568033c66427f82d3986cbaaccc6ef6f6568d21de4f32970e7490a83ffc4e9d40fd12295f6f974ed2e66365f749f0f262433cd2f46bc2b0e884be3bd2b4bde073b38c6df7b1846f56c6e4e32ed7cfd5d02f0fc38910049deda5c80890fd508c95d668a988dcbe101727a41f0833b19eef6ec4e4c88f59722508d2d9f528c964a532b27beea954873118ae09b3b8630252d66cb83f8a1b31a44f3acb
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if (description)
    {
     script_id(34290);
     script_version("1.16");
     script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
     script_cve_id(
      "CVE-2008-1185",
      "CVE-2008-1186",
      "CVE-2008-1187",
      "CVE-2008-1188",
      "CVE-2008-1189",
      "CVE-2008-1190",
      "CVE-2008-1191",
      "CVE-2008-1192",
      "CVE-2008-1193",
      "CVE-2008-1194",
      "CVE-2008-1195",
      "CVE-2008-1196",
      "CVE-2008-3103",
      "CVE-2008-3104",
      "CVE-2008-3105",
      "CVE-2008-3106",
      "CVE-2008-3107",
      "CVE-2008-3108",
      "CVE-2008-3109",
      "CVE-2008-3110",
      "CVE-2008-3111",
      "CVE-2008-3112",
      "CVE-2008-3113",
      "CVE-2008-3114",
      "CVE-2008-3115",
      "CVE-2008-3637",
      "CVE-2008-3638"
     );
     script_bugtraq_id(28125, 30144, 30146, 31379, 31380);
    
     script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 2");
     script_summary(english:"Check for Java Update 2 on Mac OS X 10.5");
    
     script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
     script_set_attribute(attribute:"description", value:
    "The remote Mac OS X 10.5 host is running a version of Java for Mac OS X
    that is missing update 2.
    
    The remote version of this software contains several security
    vulnerabilities that may allow a rogue Java applet to execute arbitrary
    code on the remote host.
    
    To exploit these flaws, an attacker would need to lure an attacker into
    executing a rogue Java applet.");
     script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3179");
     script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00007.html");
     script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.5 update 2");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
     script_cwe_id(264);
    
     script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24");
     script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/25");
    
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
    
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    
    
    if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
      enable_ssh_wrappers();
    else disable_ssh_wrappers();
    
    function exec(cmd)
    {
     local_var ret, buf;
    
     if ( islocalhost() )
      buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
     else
     {
      ret = ssh_open_connection();
      if ( ! ret ) exit(0);
      buf = ssh_cmd(cmd:cmd);
      ssh_close_connection();
     }
    
     if ( buf !~ "^[0-9]" ) exit(0);
    
     buf = chomp(buf);
     return buf;
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # Mac OS X 10.5 only
    if ( egrep(pattern:"Darwin.* 9\.", string:uname) )
    {
     cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion");
     buf = exec(cmd:cmd);
     if ( ! strlen(buf) ) exit(0);
     array = split(buf, sep:'.', keep:FALSE);
     # Fixed in version 12.2.0
     if ( int(array[0]) < 12 ||
         (int(array[0]) == 12 && int(array[1]) < 2 ) )
     {
       security_hole(0);
     }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080714_JAVA__JDK_1_5_0__ON_SL4_X.NASL
    descriptionFlaws in the JRE allowed an untrusted application or applet to elevate its privileges. This could be exploited by a remote attacker to access local files or execute local applications accessible to the user running the JRE (CVE-2008-1185, CVE-2008-1186) A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196) A flaw was found in the Java Plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195) A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103) Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104) A Java Runtime Environment (JRE) vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, or executing local programs. (CVE-2008-3107) Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities may allow an untrusted Java Web Start application to elevate its privileges and thereby grant itself permission to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111) Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113) A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114)
    last seen2020-06-01
    modified2020-06-02
    plugin id60440
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60440
    titleScientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60440);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196", "CVE-2008-3103", "CVE-2008-3104", "CVE-2008-3107", "CVE-2008-3111", "CVE-2008-3112", "CVE-2008-3113", "CVE-2008-3114");
    
      script_name(english:"Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Flaws in the JRE allowed an untrusted application or applet to elevate
    its privileges. This could be exploited by a remote attacker to access
    local files or execute local applications accessible to the user
    running the JRE (CVE-2008-1185, CVE-2008-1186)
    
    A flaw was found in the Java XSLT processing classes. An untrusted
    application or applet could cause a denial of service, or execute
    arbitrary code with the permissions of the user running the JRE.
    (CVE-2008-1187)
    
    Several buffer overflow flaws were found in Java Web Start (JWS). An
    untrusted JNLP application could access local files or execute local
    applications accessible to the user running the JRE. (CVE-2008-1188,
    CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)
    
    A flaw was found in the Java Plug-in. A remote attacker could bypass
    the same origin policy, executing arbitrary code with the permissions
    of the user running the JRE. (CVE-2008-1192)
    
    A flaw was found in the JRE image parsing libraries. An untrusted
    application or applet could cause a denial of service, or possible
    execute arbitrary code with the permissions of the user running the
    JRE. (CVE-2008-1193)
    
    A flaw was found in the JRE color management library. An untrusted
    application or applet could trigger a denial of service (JVM crash).
    (CVE-2008-1194)
    
    The JRE allowed untrusted JavaScript code to create local network
    connections by the use of Java APIs. A remote attacker could use these
    flaws to access local network services. (CVE-2008-1195)
    
    A vulnerability was found in the Java Management Extensions (JMX)
    management agent, when local monitoring is enabled. This allowed
    remote attackers to perform illegal operations. (CVE-2008-3103)
    
    Multiple vulnerabilities with unsigned applets were reported. A remote
    attacker could misuse an unsigned applet to connect to localhost
    services running on the host running the applet. (CVE-2008-3104)
    
    A Java Runtime Environment (JRE) vulnerability could be triggered by
    an untrusted application or applet. A remote attacker could grant an
    untrusted applet extended privileges such as reading and writing local
    files, or executing local programs. (CVE-2008-3107)
    
    Several buffer overflow vulnerabilities in Java Web Start were
    reported. These vulnerabilities may allow an untrusted Java Web Start
    application to elevate its privileges and thereby grant itself
    permission to read and/or write local files, as well as to execute
    local applications accessible to the user running the untrusted
    application. (CVE-2008-3111)
    
    Two file processing vulnerabilities in Java Web Start were found. A
    remote attacker, by means of an untrusted Java Web Start application,
    was able to create or delete arbitrary files with the permissions of
    the user running the untrusted application. (CVE-2008-3112,
    CVE-2008-3113)
    
    A vulnerability in Java Web Start when processing untrusted
    applications was reported. An attacker was able to acquire sensitive
    information, such as the cache location. (CVE-2008-3114)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=3334
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c98a0e4a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.5.0-sun-compat and / or jdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(20, 119, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp")) flag++;
    if (rpm_check(release:"SL4", reference:"jdk-1.5.0_16-fcs")) flag++;
    
    if (rpm_check(release:"SL5", reference:"java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp")) flag++;
    if (rpm_check(release:"SL5", reference:"jdk-1.5.0_16-fcs")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0186.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. Flaws in the JRE allowed an untrusted application or applet to elevate its privileges. This could be exploited by a remote attacker to access local files or execute local applications accessible to the user running the JRE (CVE-2008-1185, CVE-2008-1186) A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196) A flaw was found in the Java Plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195) This update also fixes an issue where the Java Plug-in is not available for browser use after successful installation. Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40717
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40717
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0186. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40717);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-1185", "CVE-2008-1186", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1191", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
      script_bugtraq_id(28083, 28125);
      script_xref(name:"RHSA", value:"2008:0186");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-sun packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    The Java Runtime Environment (JRE) contains the software and tools
    that users need to run applets and applications written using the Java
    programming language.
    
    Flaws in the JRE allowed an untrusted application or applet to elevate
    its privileges. This could be exploited by a remote attacker to access
    local files or execute local applications accessible to the user
    running the JRE (CVE-2008-1185, CVE-2008-1186)
    
    A flaw was found in the Java XSLT processing classes. An untrusted
    application or applet could cause a denial of service, or execute
    arbitrary code with the permissions of the user running the JRE.
    (CVE-2008-1187)
    
    Several buffer overflow flaws were found in Java Web Start (JWS). An
    untrusted JNLP application could access local files or execute local
    applications accessible to the user running the JRE. (CVE-2008-1188,
    CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)
    
    A flaw was found in the Java Plug-in. A remote attacker could bypass
    the same origin policy, executing arbitrary code with the permissions
    of the user running the JRE. (CVE-2008-1192)
    
    A flaw was found in the JRE image parsing libraries. An untrusted
    application or applet could cause a denial of service, or possible
    execute arbitrary code with the permissions of the user running the
    JRE. (CVE-2008-1193)
    
    A flaw was found in the JRE color management library. An untrusted
    application or applet could trigger a denial of service (JVM crash).
    (CVE-2008-1194)
    
    The JRE allowed untrusted JavaScript code to create local network
    connections by the use of Java APIs. A remote attacker could use these
    flaws to access local network services. (CVE-2008-1195)
    
    This update also fixes an issue where the Java Plug-in is not
    available for browser use after successful installation.
    
    Users of java-1.5.0-sun should upgrade to these updated packages,
    which correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1196"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ecc5fe32"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7d0f90a5"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1259b9b1"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0d8d3953"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5e329ebd"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4755491e"
      );
      # http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f802ba78"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0186"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0186";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.15-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.15-1jpp.2.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.15-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.15-1jpp.2.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0210.NASL
    descriptionUpdated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id40718
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40718
    titleRHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0210)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0210. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40718);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-0657", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196");
      script_bugtraq_id(27650, 28083, 28125);
      script_xref(name:"RHSA", value:"2008:0210");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0210)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment
    and the IBM Java 2 Software Development Kit.
    
    Two vulnerabilities in the Java Runtime Environment allowed an
    untrusted application or applet to elevate the assigned privileges.
    This could be misused by a malicious website to read and write local
    files or execute local applications in the context of the user running
    the Java process. (CVE-2008-0657)
    
    A flaw was found in the Java XSLT processing classes. An untrusted
    application or applet could cause a denial of service, or execute
    arbitrary code with the permissions of the user running the JRE.
    (CVE-2008-1187)
    
    Several buffer overflow flaws were found in Java Web Start (JWS). An
    untrusted JNLP application could access local files or execute local
    applications accessible to the user running the JRE. (CVE-2008-1188,
    CVE-2008-1189, CVE-2008-1190, CVE-2008-1196)
    
    A flaw was found in the Java Plug-in. A remote attacker could bypass
    the same origin policy, executing arbitrary code with the permissions
    of the user running the JRE. (CVE-2008-1192)
    
    A flaw was found in the JRE image parsing libraries. An untrusted
    application or applet could cause a denial of service, or possible
    execute arbitrary code with the permissions of the user running the
    JRE. (CVE-2008-1193)
    
    A flaw was found in the JRE color management library. An untrusted
    application or applet could trigger a denial of service (JVM crash).
    (CVE-2008-1194)
    
    The JRE allowed untrusted JavaScript code to create local network
    connections by the use of Java APIs. A remote attacker could use these
    flaws to access local network services. (CVE-2008-1195)
    
    All users of java-ibm-1.5.0 are advised to upgrade to these updated
    packages, that contain IBM's 1.5.0 SR7 Java release which resolves
    these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0210"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0210";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc");
      }
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_REL7.NASL
    descriptionThe remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 7. The remote version of this software contains several security vulnerabilities which may allow a rogue java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
    last seen2020-03-18
    modified2008-09-25
    plugin id34291
    published2008-09-25
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34291
    titleMac OS X : Java for Mac OS X 10.4 Release 7
    code
    #TRUSTED 6001b4ff7b1dd59b074167eff0988cf739fa804ca9db310deab2eafc23a1bde034eecc861a2e25b5f0047c8e71fcd7ff67d5aa755963607af127a47b9936cb4d74b019c7cf9d741030934bd981448a46bb6fa6d73ddfcd4b569c550d0abab292229872b9a07f2481ea9cc960ea233d10a89a1a29312df558a08b17c137580845e2bb47ba5e2284e4458b61555a7ac8583d6df18af174bb0558cf375ed64d7fe2089418826600efb52618d94ac819769a06042005fc53ed227e38d23358bd7542de740e8d69102385d059517d4bad9c78b6aac4a72b83ce48bb5957ff52eb1219f19ad91466063526d81bee1548a970d20513ae5fa99274d5967c9ca800782b9b1098dcfd958687dfe7c8595ba0366d7c98bebac4588130d307ba54d93c4bef381d963c45a4bbcd5c2c8b35844575e81fff945559a1126f6071fe9ef236b1bc4c9a3d3bd41fd0350053e6d24b7f52ae9e0b984d224b01aea2aad04cd26b04026a378178defc4db76b7130169031ebed0cbbb802445aee35c841fd259192b1566b3ca95355caa0a43b5ecaaf3901d3ac0c8c40dce3c3f64985fdeb54fd0fe3db4e7026beea279edaea63b1eca8b6af664b29710f5e29414bdcf0e30e7ee8df1498ffe744e41fb97004486d8406b802a7f476941bc57a9618e2e1d247c885adb62a1b9fd211015434c95a6983bd87c1e6e6909d6405454277cdb1834b2cade289b5
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(34291);
     script_version("1.16");
     script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");
    
     script_cve_id(
      "CVE-2008-1185",
      "CVE-2008-1186",
      "CVE-2008-1187",
      "CVE-2008-1188",
      "CVE-2008-1189",
      "CVE-2008-1190",
      "CVE-2008-1191",
      "CVE-2008-1192",
      "CVE-2008-1193",
      "CVE-2008-1194",
      "CVE-2008-1195",
      "CVE-2008-1196",
      "CVE-2008-3103",
      "CVE-2008-3104",
      "CVE-2008-3105",
      "CVE-2008-3106",
      "CVE-2008-3107",
      "CVE-2008-3108",
      "CVE-2008-3109",
      "CVE-2008-3110",
      "CVE-2008-3111",
      "CVE-2008-3112",
      "CVE-2008-3113",
      "CVE-2008-3114",
      "CVE-2008-3115",
      "CVE-2008-3637",
      "CVE-2008-3638"
     );
     script_bugtraq_id(28125, 30144, 30146, 31379, 31380);
    
     script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 7");
     script_summary(english:"Check for Java Release 7 on Mac OS X 10.4");
    
     script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
     script_set_attribute(attribute:"description", value:
    "The remote Mac OS X 10.4 host is running a version of Java for Mac OS X
    that is older than release 7.
    
    The remote version of this software contains several security
    vulnerabilities which may allow a rogue java applet to execute arbitrary
    code on the remote host.
    
    To exploit these flaws, an attacker would need to lure an attacker into
    executing a rogue Java applet.");
     script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3178");
     script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00008.html");
     script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.4 release 7 or later.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
     script_cwe_id(264);
    
     script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24");
     script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/25");
    
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
    
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/MacOSX/packages");
     exit(0);
    }
    
    
    include("misc_func.inc");
    include("ssh_func.inc");
    include("macosx_func.inc");
    
    
    if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
      enable_ssh_wrappers();
    else disable_ssh_wrappers();
    
    function exec(cmd)
    {
     local_var ret, buf;
    
     if ( islocalhost() )
      buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
     else
     {
      ret = ssh_open_connection();
      if ( ! ret ) exit(0);
      buf = ssh_cmd(cmd:cmd);
      ssh_close_connection();
     }
    
     if ( buf !~ "^[0-9]" ) exit(0);
    
     buf = chomp(buf);
     return buf;
    }
    
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    uname = get_kb_item("Host/uname");
    # Mac OS X 10.4.11 only
    if ( egrep(pattern:"Darwin.* 8\.11\.", string:uname) )
    {
     cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion");
     buf = exec(cmd:cmd);
     if ( ! strlen(buf) ) exit(0);
     array = split(buf, sep:'.', keep:FALSE);
     # Fixed in version 11.8.0
     if ( int(array[0]) < 11 ||
         (int(array[0]) == 11 && int(array[1]) < 8 ) )
     {
       security_hole(0);
     }
    }
    

Oval

accepted2010-09-06T04:13:36.099-04:00
classvulnerability
contributors
nameAharon Chernin
organizationSCAP.com, LLC
descriptionMultiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
familyunix
idoval:org.mitre.oval:def:9542
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
version7

Redhat

advisories
  • rhsa
    idRHSA-2008:0186
  • rhsa
    idRHSA-2008:0210
  • rhsa
    idRHSA-2008:0244
  • rhsa
    idRHSA-2008:0245
  • rhsa
    idRHSA-2008:0267
rpms
  • java-1.5.0-sun-0:1.5.0.15-1jpp.2.el4
  • java-1.5.0-sun-0:1.5.0.15-1jpp.2.el5
  • java-1.5.0-sun-demo-0:1.5.0.15-1jpp.2.el4
  • java-1.5.0-sun-demo-0:1.5.0.15-1jpp.2.el5
  • java-1.5.0-sun-devel-0:1.5.0.15-1jpp.2.el4
  • java-1.5.0-sun-devel-0:1.5.0.15-1jpp.2.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.15-1jpp.2.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.15-1jpp.2.el5
  • java-1.5.0-sun-plugin-0:1.5.0.15-1jpp.2.el4
  • java-1.5.0-sun-plugin-0:1.5.0.15-1jpp.2.el5
  • java-1.5.0-sun-src-0:1.5.0.15-1jpp.2.el4
  • java-1.5.0-sun-src-0:1.5.0.15-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-accessibility-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-demo-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-demo-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-devel-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-devel-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-ibm-src-1:1.5.0.7-1jpp.2.el4
  • java-1.5.0-ibm-src-1:1.5.0.7-1jpp.2.el5
  • java-1.5.0-bea-0:1.5.0.14-1jpp.2.el5
  • java-1.5.0-bea-demo-0:1.5.0.14-1jpp.2.el5
  • java-1.5.0-bea-devel-0:1.5.0.14-1jpp.2.el5
  • java-1.5.0-bea-jdbc-0:1.5.0.14-1jpp.2.el5
  • java-1.5.0-bea-missioncontrol-0:1.5.0.14-1jpp.2.el5
  • java-1.5.0-bea-src-0:1.5.0.14-1jpp.2.el5
  • java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5
  • java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5
  • java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5
  • java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5
  • java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5
  • java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-demo-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.1-1jpp.2.el5
  • java-1.6.0-ibm-src-1:1.6.0.1-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4
  • java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4

References