Vulnerabilities > CVE-2008-5355 - Improper Authentication vulnerability in SUN Jdk, JRE and SDK
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Authentication Abuse An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Utilizing REST's Trust in the System Resource to Register Man in the Middle This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
- Man in the Middle Attack This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-SUN-5852.NASL description The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 / CVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 / CVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 / CVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 / CVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 / CVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 / CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 41526 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41526 title SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41526); script_version ("1.17"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"); script_name(english:"SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 / CVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 / CVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 / CVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 / CVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 / CVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 / CVE-2008-5346)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2086.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5339.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5340.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5341.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5342.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5343.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5344.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5345.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5346.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5347.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5348.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5349.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5350.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5351.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5352.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5353.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5354.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5355.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5356.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5357.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5358.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5359.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5360.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5852."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 189, 200, 264, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-alsa-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-demo-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-devel-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-jdbc-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-plugin-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-src-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-alsa-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-devel-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-jdbc-1.4.2.19-0.3")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-plugin-1.4.2.19-0.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE9_12321.NASL description The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 41263 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41263 title SuSE9 Security Update : Sun Java (YOU Patch Number 12321) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41263); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"); script_name(english:"SuSE9 Security Update : Sun Java (YOU Patch Number 12321)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2086.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5339.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5340.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5341.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5342.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5343.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5344.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5345.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5346.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5347.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5348.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5349.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5350.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5351.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5352.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5353.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5354.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5355.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5356.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5357.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5358.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5359.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5360.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12321."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 189, 200, 264, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"java2-1.4.2-129.48")) flag++; if (rpm_check(release:"SUSE9", reference:"java2-jre-1.4.2-129.48")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-1025.NASL description Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086) Additionally, these packages fix several other vulnerabilities. These are summarized in the last seen 2020-06-01 modified 2020-06-02 plugin id 40732 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40732 title RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:1025. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(40732); script_version ("1.30"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"); script_bugtraq_id(32620, 32892); script_xref(name:"RHSA", value:"2008:1025"); script_name(english:"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086) Additionally, these packages fix several other vulnerabilities. These are summarized in the 'Advance notification of Security Updates for Java SE' from Sun Microsystems. Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2086" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5339" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5340" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5341" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5342" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5343" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5344" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5345" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5346" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5348" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5349" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5350" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5351" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5352" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5353" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5354" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5356" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5357" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5359" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-5360" ); # http://blogs.sun.com/security/entry/advance_notification_of_security_updates3 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c8d7aabf" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:1025" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 189, 200, 264, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/12/04"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:1025"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.17-1jpp.2.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc"); } }NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_5_0-SUN-081217.NASL description The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 39997 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39997 title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update java-1_5_0-sun-375. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(39997); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"); script_name(english:"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)"); script_summary(english:"Check for the java-1_5_0-sun-375 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=456770" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1_5_0-sun packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 189, 200, 264, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-1.5.0_update17-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-alsa-1.5.0_update17-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-demo-1.5.0_update17-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-devel-1.5.0_update17-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-jdbc-1.5.0_update17-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-plugin-1.5.0_update17-0.1") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"java-1_5_0-sun-src-1.5.0_update17-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_5_0-sun / java-1_5_0-sun-alsa / java-1_5_0-sun-demo / etc"); }NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0014.NASL description a. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon last seen 2020-06-01 modified 2020-06-02 plugin id 42179 published 2009-10-19 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42179 title VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2009-0014. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(42179); script_version("1.32"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2086", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0692", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1893"); script_bugtraq_id(35668); script_xref(name:"VMSA", value:"2009-0014"); script_name(english:"VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon's init script ('/etc/init.d/dhcpd'). A local attacker could use this flaw to overwrite an arbitrary file with the output of the 'dhcpd -t' command via a symbolic link attack, if a system administrator executed the DHCP init script with the 'configtest', 'restart', or 'reload' option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1893 to this issue. b. Updated Service Console package kernel Service Console package kernel update to version kernel-2.4.21-58.EL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the security issues fixed in kernel-2.4.21-58.EL c. JRE Security Update JRE update to version 1.5.0_18, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_17: CVE-2008-2086, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5339, CVE-2008-5342, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5340, CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000076.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(16, 20, 59, 94, 119, 189, 200, 264, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2009-10-16"); flag = 0; if (esx_check(ver:"ESX 3.0.3", patch:"ESX303-200910402-SG")) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200910401-SG", patch_updates : make_list("ESX350-200911201-UG", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200910403-SG", patch_updates : make_list("ESX350-201003403-SG", "ESX350-201203401-SG", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200910406-SG", patch_updates : make_list("ESX350-201203405-SG", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 4.0", patch : "ESX400-200912404-SG", patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04") ) ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Misc. NASL id VMWARE_VMSA-2009-0014_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - ISC DHCP dhclient - Integrated Services Digital Network (ISDN) subsystem - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Web Start - Linux kernel - Linux kernel 32-bit and 64-bit emulation - Linux kernel Simple Internet Transition INET6 - Linux kernel tty - Linux kernel virtual file system (VFS) - Red Hat dhcpd init script for DHCP - SBNI WAN driver last seen 2020-06-01 modified 2020-06-02 plugin id 89116 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89116 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(89116); script_version("1.5"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id( "CVE-2007-6063", "CVE-2008-0598", "CVE-2008-2086", "CVE-2008-2136", "CVE-2008-2812", "CVE-2008-3275", "CVE-2008-3525", "CVE-2008-4210", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0692", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1101", "CVE-2009-1102", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1105", "CVE-2009-1106", "CVE-2009-1107", "CVE-2009-1893" ); script_bugtraq_id( 26605, 29235, 29942, 30076, 30647, 31368, 32608, 32620, 32892, 34240, 35668, 35670 ); script_xref(name:"VMSA", value:"2009-0014"); script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)"); script_summary(english:"Checks the ESX / ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a security-related patch."); script_set_attribute(attribute:"description", value: "The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - ISC DHCP dhclient - Integrated Services Digital Network (ISDN) subsystem - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Web Start - Linux kernel - Linux kernel 32-bit and 64-bit emulation - Linux kernel Simple Internet Transition INET6 - Linux kernel tty - Linux kernel virtual file system (VFS) - Red Hat dhcpd init script for DHCP - SBNI WAN driver"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2009-0014"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the vendor advisory that pertains to ESX / ESXi version 3.5 / 4.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(16, 20, 59, 94, 119, 189, 200, 264, 287, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/20"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); script_require_ports("Host/VMware/vsphere"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); app_name = "VMware ESX"; version = get_kb_item_or_exit("Host/VMware/version"); release = get_kb_item_or_exit("Host/VMware/release"); port = get_kb_item_or_exit("Host/VMware/vsphere"); fixes = make_array(); fixes["ESX 3.5"] = 199239; fixes["ESX 4.0"] = 219382; fixes["ESXi 4.0"] = 208167; matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release); if (empty_or_null(matches)) exit(1, 'Failed to extract the ESX / ESXi build number.'); type = matches[1]; build = int(matches[2]); fixed_build = fixes[version]; if (!isnull(fixed_build) && build < fixed_build) { padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment report = '\n ' + type + ' version' + padding + ': ' + version + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_report_v4(extra:report, port:port, severity:SECURITY_HOLE); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);NASL family Windows NASL id SUN_JAVA_JRE_244986.NASL description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues : - The JRE creates temporary files with insufficiently random names. (244986) - There are multiple buffer overflow vulnerabilities involving the JRE last seen 2020-06-01 modified 2020-06-02 plugin id 35030 published 2008-12-04 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35030 title Sun Java JRE Multiple Vulnerabilities (244986 et al) code # # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(35030); script_version("1.33"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360"); script_bugtraq_id(30633, 32608, 32620, 32892); script_name(english:"Sun Java JRE Multiple Vulnerabilities (244986 et al)"); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a runtime environment that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues : - The JRE creates temporary files with insufficiently random names. (244986) - There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing. (244987) - It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences. - There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988) - The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989) - A buffer overflow may allow an untrusted Java application that is launched through the commandline to escalate its privileges. (244990) - A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to escalate its privileges. (244991) - A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to escalate its privileges with unpacking applets and Java Web Start applications. (244992) - The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246) - An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266) - A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286) - A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346) - Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to escalate privileges. (246366) - An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running. (246386) - The JRE allows code loaded from the local filesystem to access localhost. (246387)" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019736.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019737.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019738.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019739.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019740.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019741.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019742.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019759.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019793.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019794.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019797.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019798.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019799.1.html" ); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019800.1.html" ); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u11-139394.html" ); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html" ); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/releasenotes-138306.html" ); script_set_attribute(attribute:"solution", value: "Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove if necessary any affected versions." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 189, 200, 264, 287); script_set_attribute(attribute:"plugin_publication_date", value: "2008/12/04"); script_set_attribute(attribute:"patch_publication_date", value: "2008/12/03"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list("SMB/Java/JRE/*"); if (isnull(installs)) exit(1, "The 'SMB/Java/JRE/' KB item is missing."); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver =~ "^[0-9.]+") installed_versions = installed_versions + " & " + ver; if ( ver =~ "^1\.6\.0_(0[0-9]|10)([^0-9]|$)" || ver =~ "^1\.5\.0_(0[0-9]|1[0-6])([^0-9]|$)" || ver =~ "^1\.4\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))" || ver =~ "^1\.3\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))" ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }NASL family Misc. NASL id SUN_JAVA_JRE_244986_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues : - The JRE creates temporary files with insufficiently random names. (244986) - There are multiple buffer overflow vulnerabilities involving the JRE last seen 2020-06-01 modified 2020-06-02 plugin id 64828 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64828 title Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64828); script_version("1.13"); script_cvs_date("Date: 2019/12/04"); script_cve_id( "CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341", "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345", "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349", "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357", "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360" ); script_bugtraq_id( 30633, 32608, 32620, 32892 ); script_name(english:"Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)"); script_summary(english:"Checks version of Sun JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Unix host contains a runtime environment that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues : - The JRE creates temporary files with insufficiently random names. (244986) - There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing. (244987) - It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences. - There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988) - The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989) - A buffer overflow may allow an untrusted Java application that is launched through the command line to elevate its privileges. (244990) - A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to elevate its privileges. (244991) - A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to elevate its privileges with unpacking applets and Java Web Start applications. (244992) - The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246) - An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266) - A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286) - A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346) - Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to elevate privileges. (246366) - An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running. (246386) - The JRE allows code loaded from the local filesystem to access localhost. (246387)"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019736.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019737.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019738.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019739.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019740.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019741.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019742.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019759.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019793.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019794.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019797.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019798.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019799.1.html"); script_set_attribute(attribute:"see_also", value:"https://download.oracle.com/sunalerts/1019800.1.html"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u11-139394.html"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/index.html"); script_set_attribute(attribute:"solution", value: "Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary, any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-5355"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 189, 200, 264, 287); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed_unix.nasl"); script_require_keys("Host/Java/JRE/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*"); info = ""; vuln = 0; vuln2 = 0; installed_versions = ""; granular = ""; foreach install (list_uniq(keys(installs))) { ver = install - "Host/Java/JRE/Unmanaged/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; if ( ver =~ "^1\.6\.0_(0[0-9]|10)([^0-9]|$)" || ver =~ "^1\.5\.0_(0[0-9]|1[0-6])([^0-9]|$)" || ver =~ "^1\.4\.([01]_|2_(0[0-9]|1[0-8]([^0-9]|$)))" || ver =~ "^1\.3\.(0_|1_([01][0-9]|2[0-3]([^0-9]|$)))" ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_11 / 1.5.0_17 / 1.4.2_19 / 1.3.1_24\n'; } else if (ver =~ "^[\d\.]+$") { dirs = make_list(get_kb_list(install)); foreach dir (dirs) granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n'; } else { dirs = make_list(get_kb_list(install)); vuln2 += max_index(dirs); } } # Report if any were found to be vulnerable. if (info) { if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:0, extra:report); } else security_hole(0); if (granular) exit(0, granular); } else { if (granular) exit(0, granular); installed_versions = substr(installed_versions, 3); if (vuln2 > 1) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200911-02.NASL description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 42834 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42834 title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-SUN-081217.NASL description The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 40002 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40002 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-SUN-081217.NASL description The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 40241 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40241 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-SUN-5876.NASL description The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 35306 published 2009-01-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35306 title openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-1018.NASL description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086) Additionally, these packages fix several other critical vulnerabilities. These are summarized in the last seen 2020-06-01 modified 2020-06-02 plugin id 40731 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40731 title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL description The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 40235 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40235 title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-SUN-5875.NASL description The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 35305 published 2009-01-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35305 title openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)
Oval
| accepted | 2010-01-11T04:01:25.525-05:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| definition_extensions |
| ||||
| description | The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:5664 | ||||
| status | accepted | ||||
| submitted | 2009-09-23T15:39:02.000-04:00 | ||||
| title | Sun Java Runtime Environment Java Update Fails to Validate Digital Signatures | ||||
| version | 4 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 32620,32608 CVE(CAN) ID: CVE-2008-5339,CVE-2008-5340,CVE-2008-5341,CVE-2008-5342,CVE-2008-5343,CVE-2008-5344,CVE-2008-5345,CVE-2008-5346,CVE-2008-5347,CVE-2008-5348,CVE-2008-5349,CVE-2008-5350,CVE-2008-5351,CVE-2008-5352,CVE-2008-5353,CVE-2008-5354,CVE-2008-5355,CVE-2008-5356,CVE-2008-5357,CVE-2008-5358,CVE-2008-5359,CVE-2008-5360,CVE-2008-2086 Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。 Sun Java中的多个安全漏洞可能允许恶意用户绕过某些安全限制、泄露系统信息、导致拒绝服务或完全入侵有漏洞的系统。 1) JRE创建了名称不过随机的临时文件,这可能导致在受影响的系统上写入任意JAR文件并执行有限的操作。 2) Java AWT库在处理图形模型时存在错误,在ConvolveOp操作中使用的特制Raster图形模型可能导致堆溢出。 3) Java Web Start在处理某些GIF头值时的错误可能允许通过特制的splash logo导致内存破坏。 4) 处理TrueType字体时的整数溢出可能导致堆溢出。 5) JRE中的错误可能导致创建到任意主机的网络连接。 6) 启动Java Web Start应用程序时的错误可能允许不可信任的应用程序以当前用户的权限读写或执行本地文件。 7) 不可信任的Java Web Start应用程序可以获取当前用户名和Java Web Start缓存的位置。 8) Java Web Start中的错误可能允许通过特制的JNLP文件修改系统属性,如java.home、java.ext.dirs和user.home。 9) Java Web Start和Java Plug-in中的错误可能导致劫持HTTP会话。 10) JRE applet类加载功能中的错误可能导致读取任意文件和创建到任意主机的网络连接。 11) Java Web Start BasicService中的错误可能导致在用户浏览器中打开任意本地文件。 12) Java Update机制没有检查下载的更新软件包的数字签名,这可能允许通过中间人或DNS伪造攻击执行任意代码。 13) 在处理JAR文件的Main-Class清单项时的边界错误可能允许通过特制的JAR文件导致栈溢出。 14) 还原序列号日历对象时的错误可能允许不可信任的Java applet读写或执行本地文件。 15) JRE中的整数溢出可能允许通过特制的Pack200压缩JAR文件导致堆溢出。 16) UTF-8解码器接受长于最短表单的编码,这可能导致使用解码器的应用程序通过特制URI接受无效的序列和泄露敏感信息。 17) JRE中的错误可能允许列出用户主目录的内容。 18) 处理RSA公钥时的错误可能导致消耗大量CPU资源。 19) JRE Kerberos认证机制中的错误可能导致耗尽操作系统资源。 20) JAX-WS和JAXB JRE软件包中的错误可能允许不可信任的Java applet读写或执行本地文件。 21) 处理ZIP文件时的错误可能导致泄露主机进程的任意内存位置。 22) 从本地文件系统所加载的恶意代码可能获取对本地主机的网络访问。 23) 处理TrueType字体时的边界错误可能导致堆溢出。 Sun JDK <= 6 Update 10 Sun JDK <= 5.0 Update 16 Sun JRE <= 6 Update 10 Sun JRE <= 5.0 Update 16 Sun SDK 1.4.2 Sun SDK 1.3.1 RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:1025-01)以及相应补丁: RHSA-2008:1025-01:Critical: java-1.5.0-sun security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-1025.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-1025.html</a> Sun --- Sun已经为此发布了一个安全公告(Sun-Alert-246387)以及相应补丁: Sun-Alert-246387:A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost 链接:<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1 target=_blank>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1</a> 补丁下载: <a href=http://java.sun.com/javase/downloads/index.jsp target=_blank>http://java.sun.com/javase/downloads/index.jsp</a> <a href=http://java.sun.com/javase/downloads/index_jdk5.jsp target=_blank>http://java.sun.com/javase/downloads/index_jdk5.jsp</a> <a href=http://java.sun.com/j2se/1.4.2/download.html target=_blank>http://java.sun.com/j2se/1.4.2/download.html</a> <a href=http://java.sun.com/j2se/1.3/download.html target=_blank>http://java.sun.com/j2se/1.3/download.html</a> |
| id | SSV:4532 |
| last seen | 2017-11-19 |
| modified | 2008-12-09 |
| published | 2008-12-09 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-4532 |
| title | Sun Java JDK/JRE安全更新修复多个漏洞 |
References
- http://osvdb.org/50498
- http://osvdb.org/50498
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
- http://www.securitytracker.com/id?1021315
- http://www.securitytracker.com/id?1021315
- http://www.us-cert.gov/cas/techalerts/TA08-340A.html
- http://www.us-cert.gov/cas/techalerts/TA08-340A.html
- http://www.vupen.com/english/advisories/2008/3339
- http://www.vupen.com/english/advisories/2008/3339
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664